Banking Malware: Countering the threats


These days, there isn’t much that can’t be done on mobile, and that includes banking. For many people, banking apps are the go-to method of managing finances, and as a result, mobile banking malware targeting Android phones has become a serious and somewhat underestimated threat.

For malware creators motivated by financial gain, mobile banking provides an accessible and potentially lucrative opportunity, says Carey van Vlaanderen, CEO at ESET South Africa.

While the mobile threat landscape is constantly evolving, most banking malware falls into two main categories – sophisticated banking Trojans and fake banking apps. For the victims, both types of malware end in the same result: stolen money or bank account credentials. In order to obtain this information, Android banking malware makes use of phishing and fake login forms; however, banking Trojans and fake banking apps utilise different strategies in order to deceive their victims.


As their name would suggest, sophisticated banking Trojans hide behind a seemingly legitimate mask to gain users’ trust. They are often found lurking in unofficial app stores but can sometimes make their way into the official Google Play store too. Banking Trojans can come in the form of games, widgets, battery managers, video players, or even, as we’ve seen recently, horoscope-themed apps.

While some apps provide no functionality and only harbour malware, others work as expected, making it even more difficult for users to detect an issue. Once installed on the Android device, these Trojan apps overlay the screens of targeted applications with phishing screens, which are often virtually indistinguishable from the real login screen. While banking apps are the most common target, Trojans can also target social media and messaging apps, booking apps, or online stores in order to obtain debit/credit card credentials.

Where Trojan malware is all about stealth and remaining undetected on the device for as long as possible, fake banking apps are more straightforward. As the name suggests, fake banking apps aim to imitate legitimate banking apps in the hope that a victim will download them for the purpose of banking. To be successful, then, these apps must appear legitimate and trustworthy in their presentation. These apps are also spread through unofficial app stores and the Google Play store.

A good indicator of potential malware is a mismatched app category (for example, the app is listed under the “Health & Fitness” category) or an unfamiliar developer name. Unlike Trojans, fake banking apps usually focus on just one financial service to impersonate; some malware authors take advantage of the absence of an official mobile app or claim to be the legitimate app with more functionality or rewards. Once the app is installed and the user enters login details, it harvests those credentials.

Both types of malware continue to be a threat, and with mobile banking only increasing in popularity, it is important to stay vigilant and know how to spot and remove banking malware. To start, only install apps from the Google Play store; while malware can occasionally sneak in, it is more likely to be detected and removed than on an unofficial app store. Before installing an app, always check the ratings, reviews, number of installs, and the required permissions – especially SMS permissions when an app has no reason to require them. When downloading banking apps, always check the institution’s website for the official application. Once installed, pay close attention to further requests and any login page that doesn’t look familiar. If you think malware is present on your device, the most reliable way to detect and remove it is using a reputable mobile security solution. In addition, if you think your credentials have been compromised, check your bank account for suspicious transactions (via another channel) and change your passwords and PIN codes.
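The pre-install checks described above (developer name, app category, SMS permissions) can be expressed as a small triage routine. This is an added example, not code from ESET or the article; the `Listing` fields, the `OFFICIAL_APPS` reference table and the sample listings are constructed assumptions, and the overlay check uses Android's `SYSTEM_ALERT_WINDOW` permission as a proxy for the screen-overlay behaviour.

```python
from dataclasses import dataclass

SMS_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
}
# Permission that lets an app draw over other apps (phishing overlays).
OVERLAY_PERMISSION = "android.permission.SYSTEM_ALERT_WINDOW"

# Constructed reference data: brand keyword -> (official developer, category).
# In practice this comes from the institution's own website.
OFFICIAL_APPS = {"examplebank": ("Example Bank Ltd", "Finance")}


@dataclass(frozen=True)
class Listing:
    title: str
    developer: str
    category: str
    permissions: frozenset
    needs_sms: bool = False  # does the advertised function need SMS at all?


def triage(listing, official=OFFICIAL_APPS):
    """Return the indicator codes that apply to one store listing."""
    findings = []
    squashed = "".join(listing.title.lower().split())
    for brand, (developer, category) in official.items():
        if brand not in squashed:
            continue  # listing does not claim to be this institution
        if listing.developer != developer:
            findings.append("developer-mismatch")
        if listing.category != category:
            findings.append("category-mismatch")
    if listing.permissions & SMS_PERMISSIONS and not listing.needs_sms:
        findings.append("sms-permission")
    if OVERLAY_PERMISSION in listing.permissions:
        findings.append("overlay-permission")
    return findings


# Constructed sample listings.
HOROSCOPE = Listing("Daily Horoscope", "Star Apps", "Lifestyle", frozenset(
    {"android.permission.READ_SMS", OVERLAY_PERMISSION}))
FAKE_BANK = Listing("Example Bank Rewards", "EB Mobile Dev", "Health & Fitness",
                    frozenset({"android.permission.INTERNET"}))
OFFICIAL = Listing("Example Bank", "Example Bank Ltd", "Finance",
                   frozenset({"android.permission.INTERNET"}))

if __name__ == "__main__":
    for app in (HOROSCOPE, FAKE_BANK, OFFICIAL):
        print(app.title, "->", triage(app) or "no indicators")
```

An overlay permission on its own is only a prompt for closer review, since legitimate apps request it too; the signal is strongest when it appears alongside SMS access in an app whose stated purpose needs neither.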

Carey van Vlaanderen, CEO at ESET South Africa

Although not everyone has gone fully mobile with their banking, a majority of people do utilise some form of online banking to manage their finances. It is important not to let your guard down when banking online because, just as with apps, cyber criminals can target your browser with financial malware. In order to protect your credentials from any potential threats, browser protection is crucial.
