As cybercriminals look for chances to exploit data during the COVID-19 lockdown, the FBI has issued a warning about an expected surge in mobile banking apps being exposed to the risk of compromise.

Industry figures show a third quarter of Americans used mobile banking last year, and usage has risen by 50% since the start of 2020. This figure was revealed by the FBI's Internet Crime Complaint Center (IC3) in a public service announcement.

“With city, state and local governments urging or mandating social distancing, Americans have become more willing to use mobile banking as an alternative to physically visiting branch locations,” said the IC3 representative.

Similar measures have been implemented in other parts of the world, and mobile banking apps have been well received as a way to keep businesses running and transactions flowing in these trying times.

“The FBI expects cyber-actors to attempt on new mobile banking customers using a variety of techniques, including app-based banking Trojans and fake banking apps,” IC3 stated, describing the scamming strategies to be used.

App-based banking Trojans and fake banking apps share the same goal: to harvest the credentials for victims’ bank accounts and, ultimately, steal their money.

However, both strategies are executed differently. ESET malware researcher Lukáš Štefanko explains the distinction between the two.

“Banking trojans are devious, as they try to make users install apps that are fun or useful and totally harmless. Think games, battery managers and power boosters, weather apps, video players and so on,” said Štefanko, giving examples of the kinds of apps in which a trojan lies hidden.

Štefanko revealed that such apps are ticking bombs, ready to strike when users are about to open their banking apps.

The trojan carries out the attack by overlaying a fake login screen on top of the user’s legitimate banking app. This is how a banking trojan steals credentials without the user realizing.

Fake banking apps, on the other hand, are a more straightforward strategy, Štefanko stated, as the apps are highly likely to be seen as the real deal.

Imagine logging straight into a fake CIMB app. That is how simple credential harvesting is for a fake banking app compared with a banking trojan.

The FBI urges users to only download apps from official app stores and banking websites.

Do not neglect your passwords: use a password manager to create strong credentials. If possible, switch on multi-factor authentication for better security.

Condition Zebra advocates well-maintained security to ensure that organizations and individuals are not compromised.

We have experts in conducting penetration testing, and we help those in need of year-round protection against cyber threats.

To give our expertise a test run, find us here for a FREE vulnerability assessment for your infrastructure.

We look forward to catering to first timers dealing with their IT environments.

Source: Infosecurity Magazine, We Live Security by ESET