Beware Trojan Mobile Banking Apps

Mobile banking application usage has increased, partly as a result of the virus and lockdown, and the US Federal Bureau of Investigation (FBI) has now warned of a rise in related criminal activity. Usage of mobile banking applications has risen by 50% since the beginning of 2020, an alert from the FBI’s Internet Crime Complaint Center (IC3) reveals.

The FBI advises users to exercise extreme caution when downloading banking apps to mobile devices, as they could hide 'malicious intent'.

Cyber criminals target banking information using banking Trojans, which are malicious programs that disguise themselves as other apps, including games.

Banking Trojans are usually disguised as other apps and remain dormant on devices until the user launches a legitimate banking application. The Trojan may then overlay a false version of the bank’s login page and trick the user into revealing their login credentials, which are sent to human operators who use them to compromise accounts.

In some cases, cyber-criminals create fake apps that impersonate legitimate financial software, also in an attempt to deceive users into entering their credentials. 

Such apps usually display an error message after the attempted login and can steal security codes received by users by leveraging smartphone permission requests. According to the FBI, nearly 65,000 fake apps have been detected on major app stores, making this one of the fastest growing sectors of smartphone-based fraud.

To stay protected, users should download applications from trusted sources only, such as official app stores and bank websites.

Using two- or multi-factor authentication represents another means of staying protected from exploitation, as it is highly effective in securing accounts against compromise, the FBI notes. Modern MFA solutions (biometrics, hardware tokens, or authentication apps) are more secure compared to email or SMS-based methods.

The FBI also recommends using multiple types of authentication for accounts when possible, keeping an eye on where personally identifiable information (PII) is stored, sharing only the most necessary information with financial institutions, and avoiding clicking on links in emails or text messages or sharing two-factor codes over the phone.

The FBI recommends creating strong, unique passwords to mitigate these attacks. The US National Institute of Standards and Technology's (NIST) most recent guidance encourages users to make passwords or passphrases that are 15 characters or longer.

Users who encounter an app that looks suspicious are encouraged to contact the financial institution to report it. If a phone call claiming to be from the bank seems suspicious, users should hang up and call the bank at the customer service number on their website.

Sources: FBI, Security Week, The Hill
