Beware Trojan Mobile Banking Apps

Use of mobile banking applications has increased, partly as a result of the virus and lockdown, and the US Federal Bureau of Investigation (FBI) has now warned of a rise in related criminal activity. Usage of mobile banking applications has risen by 50% since the beginning of 2020, an alert from the FBI’s Internet Crime Complaint Center (IC3) reveals.

The FBI advises users to exercise extreme caution when downloading banking apps to mobile devices, as they could hide 'malicious intent'.

Cyber criminals target banking information using banking Trojans, which are malicious programs that disguise themselves as other apps, including games

Banking Trojans are usually disguised as other apps and remain dormant on devices until the user launches a legitimate banking application. The Trojan may then overlay a false version of the bank’s login page and trick the user into revealing their login credentials, which are sent to human operators who use them to compromise accounts.

In some cases, cyber-criminals create fake apps that impersonate legitimate financial software, also in an attempt to deceive users into entering their credentials. 

Such apps usually display an error message after the attempted login and can steal security codes received by users by leveraging smartphone permission requests. According to the FBI, nearly 65,000 fake apps have been detected on major app stores, making this one of the fastest-growing sectors of smartphone-based fraud.
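As an added illustration (not part of the FBI alert or the original article), the sketch below triages a decoded Android manifest for the two capabilities described above: drawing over or watching another app, and reading incoming security codes. It assumes Android, whose real permission names it uses; the capability labels, verdicts and sample manifests are constructed for this example.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Capability label (assumed name) -> Android permissions requested via <uses-permission>.
REQUESTED = {
    "reads_sms_codes": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "draws_over_apps": {"android.permission.SYSTEM_ALERT_WINDOW"},
}
# Permission guarding a <service> the app declares -> capability label (assumed name).
SERVICES = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "watches_foreground_app",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "reads_notifications",
}
SEES_BANK_APP = {"draws_over_apps", "watches_foreground_app"}
SEES_CODES = {"reads_sms_codes", "reads_notifications"}

def triage(manifest_xml):
    """Return (verdict, sorted capabilities) for a decoded AndroidManifest.xml string."""
    # For manifests from untrusted APKs, parse with a hardened XML parser instead.
    root = ET.fromstring(manifest_xml)
    perms = {el.get(NS + "name")
             for tag in ("uses-permission", "uses-permission-sdk-23")
             for el in root.iter(tag)}
    caps = {cap for cap, names in REQUESTED.items() if perms & names}
    for svc in root.iter("service"):
        cap = SERVICES.get(svc.get(NS + "permission"))
        if cap:
            caps.add(cap)
    if caps & SEES_BANK_APP and caps & SEES_CODES:
        verdict = "high"    # can both imitate a login screen and capture the code
    elif caps:
        verdict = "review"  # one sensitive capability: check it fits the app's purpose
    else:
        verdict = "ok"
    return verdict, sorted(caps)

# Constructed samples (not real apps): a "game" and a plain utility.
FAKE_GAME = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.puzzlegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".Helper" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
PLAIN_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("FAKE_GAME", FAKE_GAME), ("PLAIN_APP", PLAIN_APP)):
        print(name, triage(xml))
```

A "review" verdict is not a detection on its own: legitimate messaging or accessibility apps request the same permissions, so the question is whether the capability fits what the app claims to be.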

To stay protected, users should download applications from trusted sources only, such as official app stores and bank websites.

Using two- or multi-factor authentication represents another means of staying protected from exploitation, as it is highly effective in securing accounts against compromise, the FBI notes. Modern MFA solutions (biometrics, hardware tokens, or authentication apps) are more secure compared to email or SMS-based methods.

The FBI also recommends the use of multiple types of authentication for accounts when possible, keeping an eye on where personally identifiable information (PII) is stored and only sharing the most necessary information with financial institutions, and avoiding clicking on links in emails or text messages, or sharing two-factor codes over the phone.

The FBI recommends creating strong, unique passwords to mitigate these attacks. The US National Institute of Standards and Technology's (NIST) most recent guidance encourages users to make passwords or passphrases that are 15 characters or longer.

Users who encounter an app that looks suspicious are encouraged to contact the financial institution to report it. If a phone call claiming to be from the bank seems suspicious, users should hang up and call the bank at the customer service number on their website.

FBI: Security Week: The Hill:
