Graham Cluely is among those reporting: BankBot Android banking malware targets hundreds of apps on Google Play; The trojan’s deobfuscated data reveals its true intentions. “The app appeared legitimate other than the fact that someone had infected it with the trojan probably around 8 April 2017, which was the last time it had received an update. A closer look revealed that as many as 5,000 users had installed the compromised app onto their devices.” IT security experts from NuData Security and VASCO Data Security commented below.
Robert Capps, VP of Business Development at NuData Security:
“Consumers have been repeatedly told that only reputable online stores should be used to download apps. Yet, this discovery throws that advice into question and leaves the consumer with few options beyond combing reviews, or to download the app directly from the bank’s site where possible. Banking apps are now a fact of life. In 2016, the Federal Reserve reported that banking apps had stable market penetration at around 43 percent of the mobile phone market. Many mobile phone users not using their phones for banking reported security concerns as part of their reluctance, and Trojans like this being found within apps on a major app store only support their concern.
“One of the best protections banks can offer customers is robust account protection that includes a suite of layered authentication technologies that go beyond just username and password credentials. These new solutions authenticate users based on their online behaviors; methods that are extremely resistant to impersonation, don’t rely on credential data, and can even provide banks with options to upgrade user experiences for trusted good customers. These technologies are going to defeat Trojans and malware by making the credentials and payment card details the fraudsters go after obsolete. I’d love to get to the point that fraudsters are holding a bag full of nothing, because that is where these new technologies are taking us.”
Frederik Mennes, Manager, Security Competence Center at VASCO Data Security:
“While mobile banking malware on Android has historically mainly targeted Russian banks and wallet providers, there are now malware families focusing on European and American banks. These malware families aim to steal credentials or credit card details using overlay windows or SMS interception. The rise of mobile banking malware in Europe and the US shows the need for banks to protect their apps using RASP and their users with more advanced forms of authentication.”