Beware Trojan Mobile Banking Apps

Uploaded on 2020-06-23 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

Mobile banking applications usage has increased, partly as a result of the virus and lockdown and now the US Federal Bureau of Investigation (FBI) has warned that there is a rise in realted criminal acitivty. Usage of mobile banking applications has significantly increased, and this has recently risen by 50% since the beginning of 2020, an alert from the FBI’s Internet Crime Complaint Center (IC3) reveals.

The FBI advises users to excercise extreme caution when downloading banking Apps  to mobile devices, as they could hide 'malicious intent'.  

Cyber criminals target banking information using banking Trojans, are malicious programs that disguise themselves as other apps, including games 

Banking Trojans, are usually disguised as other apps and remain dormant on devices until the user launches a legitimate banking application. The Trojan may overlay a false version of the bank’s login page and trick the user into revealing their login credentials, which are then sent to human operators that leverage them to compromise accounts.

In some cases, cyber-criminals create fake apps that impersonate legitimate financial software, also in an attempt to deceive users into entering their credentials. 

Such apps usually display an error message after the attempted login and can steal security codes received by users by leveraging smartphone permission requests. According to the FBI,  nearly 65,000 fake apps have been detected on major app stores, making this one of the fastest growing sectors of smartphone-based fraud

To stay protected, users should download applications from trusted sources only, such as official app stores and bank websites.

Using two- or multi-factor authentication represents another means of staying protected from exploitation, as it is highly effective in securing accounts against compromise, the FBI notes. Modern MFA solutions (biometrics, hardware tokens, or authentication apps) are more secure compared to email or SMS-based methods.

The FBI also recommends the use of multiple types of authentication for accounts when possible, keeping an eye on where personally identifiable information (PII) is stored and only sharing the most necessary information with financial institutions, and avoiding clicking on links in emails or text messages, or sharing two-factor codes over phone.

The FBI recommends creating strong, unique passwords to mitigate these attacks. The US National Institute of Standards and Technology's (NIST) most recent guidance encourages users to make passwords or passphrases that are 15 characters or longer..

Users who encounter an app that looks suspicious are encouraged to contact the financial institution to report it. If a phone call claiming to be from the bank seems suspicious, users should hang up and call the bank at the customer service number on their website.

FBI:         Security Week:         The Hill:       

You Might Also Read: 

Malware – The Hateful Eight:

 

« Using AI In Cyber Security
Australia Assaulted By Severe State-Backed Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Watchcom Security Group

Watchcom Security Group

Watchcom is one of Norway's foremost suppliers of information security consultancy services.

Mission Secure (MSi)

Mission Secure (MSi)

MSi is a specialized provider of next generation cyber defense solutions protecting control systems and critical physical assets in energy, transportation and defense.

Computer Forensic Services

Computer Forensic Services

Computer Forensic Services are digital evidence specialists. Practice areas include Information Security, e-Discovery, Law Enforcement Support and Litigation.

IPN (ICT Research Platform Nederlands)

IPN (ICT Research Platform Nederlands)

IPN promotes academic research and education in the ICT field by building and maintaining a national community, and by developing policy to advance the field. Areas of focus include Cyber Security.

Intelligent Business Solutions Cyprus (IBSCY)

Intelligent Business Solutions Cyprus (IBSCY)

IBSCY Ltd is a leading provider of total IT solutions and services in Cyprus specializing in the areas of cloud services and applications, systems integration, IT infrastructure and security.

KOS-CERT

KOS-CERT

KOS-CERT is the national Computer Incident Response Team for Kosovo.

Monegasque Digital Security Agency (AMSN)

Monegasque Digital Security Agency (AMSN)

AMSN is the national authority in charge of the security of information systems in Monaco.

Pluribus One

Pluribus One

Pluribus One develops customized solutions and other data-driven applications to secure your business and your devices.

Basque Digital Innovation Hub (BDIH)

Basque Digital Innovation Hub (BDIH)

The aim of the BDIH initiative is to provide industrial enterprises, especially SMEs, with the technological capabilities needed to meet the challenges of industry 4.0.

FraudWatch International

FraudWatch International

FraudWatch has been protecting client brands around the world since 2003, and are the leaders in online brand protection from phishing, malware, social media and mobile apps impersonation.

SuperCom

SuperCom

SuperCom are a global secure solutions integrator and technology provider for governments and other consumers facing organizations around the world.

Netography

Netography

Netography provides a scalable and reliable platform for detection & remediation of cyber threats found on your network.

Singtel Innov8

Singtel Innov8

Singtel Innov8, the venture capital arm of the Singtel Group, invests in and partners with innovative technology start-ups globally.

Custard Technical Services

Custard Technical Services

Custard provide Network Security for all types of businesses across many industries, helping to keep them safe and secure.

Academia the Technology Group

Academia the Technology Group

Academia specialise in the supply of software, IT hardware, training and service solutions to the public sectors, business and pro media markets.

Upwind Security

Upwind Security

Upwind delivers comprehensive cloud security, precisely when and where it’s most critical.