Banking Malware: Countering the threats with certified (browser) protection

These days, there isn’t much that can’t be done on mobile, and that includes banking. Banking apps are quickly becoming the go to method of managing finances, and as a result, mobile banking malware targeting Android phones has become a serious and somewhat underestimated threat. For malware creators motivated by financial gain, banking apps provide an accessible and potentially lucrative opportunity.

While the mobile threat landscape is constantly evolving as malware increases in sophistication, most banking malware falls into two main categories – sophisticated banking trojans, and fake banking apps. For their victims, both types of malware have the same end goal: to steal their money or their bank account credentials. In order to obtain this information, android banking malware makes use of phishing and fake login forms, however, the two methods utilize different strategies in order to deceive their victims.

As their name would suggest, sophisticated banking trojans hide behind a seemingly legitimate mask to gain users’ trust. They are often found lurking in unofficial app stores, but can sometimes make their way into the official Google Play store too. Banking trojans can come in the form of games, widgets, battery managers, video players, or even as we’ve seen recently, horoscope themed apps.

While some apps provide no functionality and only harbour malware, others work as expected, making it even more difficult for users to detect an issue. Once installed on the android device, these trojan apps overlay the screens of targeted applications with phishing screens, which are often virtually indistinguishable from the real login screen. While banking apps are the most common target, trojans can also target social media and messaging apps, booking apps, or online stores in order to obtain debit/credit card credentials.

Where the trojan malware is all about stealth and remaining undetected on the device for as long as possible, fake banking apps are more straightforward. As the name suggests, fake banking apps aim to imitate legitimate banking apps in the hopes a victim will download them for the purpose of banking. In order to be successful then, these apps must appear legitimate and trustworthy in their presentation. These apps are also spread through unofficial app stores and the Google Play store.

A good indicator of potential malware is a mismatched app category (for example the app is listed under the ‘Health & Fitness’ category) or an unfamiliar developer name. Unlike trojans, fake banking apps usually focus on just one financial service to impersonate, some malware authors take advantage of the absence of an official mobile app or claim to be the legitimate app with more functionality or rewards. Once installed, these apps rely on fake login forms to harvest users’ credentials.

Both types of malware are steadily on the rise, and with mobile banking only increasing in popularity, it is important to stay vigilant and know how to spot and remove banking malware. To start, only install apps from the Google Play store; while malware can occasionally sneak in, it is more likely to be detected and removed than on an unofficial app store. Before installing said app, always check the ratings, reviews, number of installs and the required permissions – especially SMS permissions where an app has no reason to require them. For banking apps, always check the institution’s website for the official application. Once installed, pay close attention to further requests and any login page that doesn’t look familiar. If you think malware is present on your device, the most reliable way to detect and remove it is using a reputable mobile security solution, such as ESET’s Mobile Security & Antivirus for android. In addition, if you think your credentials have been compromised, check your bank account for suspicious transactions (via another channel) and change your passwords and PIN codes.

Although not everyone has gone fully mobile with their banking, a majority of people do utilise some form of online banking to manage their finances. It is important not to let your guard down when banking online, as just like via apps, cyber criminals are able to steal your credentials by targeting your browser with financial malware. In order to protect your credentials from any potential threats, browser protection is crucial. ESET Internet Security provides advanced internet security and anti-virus protection while you’re online. The online banking and shopping security feature is specifically designed to protect your online payments and prevent unauthorized access to your computer.

Additionally, ESET Internet Security is MRG Effitas Online Banking / Browser Security certified – MRG Effitas are at the forefront of online banking testing, and are the only testing house in the world whose tests map 100% against in-the-wild threats. Whether you use online banking or mobile banking apps, ESET’s variety of products ensure you can shop and bank online knowing you’re in safe hands.

Although malware is constantly evolving and growing in sophistication, understanding the potential threats and malware conduits is still beneficial. If you know what to look for, you know what not to fall for.