Mobile banking apps are a convenience but they also pose a risk to users. A new global research carried out by Avast shows that consumers using mobile banking apps are at a greater risk of falling victim to theft of banking information. The research is based on comparative data gathered by 40,000 consumers in 12 countries – the U.S., UK, France, Germany, Russia, Japan, Mexico, Argentina, Indonesia, Czech Republic, Brazil, and Spain.
Banking Trojans on the Rise, Consumers Should Be Extra Alert
On a global scale, 58 percent of the participants in the research identified the interface of an official mobile banking app as fraudulent, whereas 36 percent confused the fake interface for the real one. These results perfectly illustrate how sophisticated and authentic fraudsters have become in their attempts to trick users and steal their banking information and respectively, money.
On top of these results, security companies have been identifying more and more mobile banking Trojans, meaning that this threat is gradually increasing. In the research performed by Avast several banks turned out to be particularly targeted by criminals – Citibank, Wells Fargo, Santander, HSBC, ING, Chase, Bank of Scotland and Sberbank.
Even though these bank have strict security measures and safeguards, their large customer bases of make them attractive targets for cybercriminals to develop fake apps that can mimic their official apps, the research pointed out.
A great example of an evolving banking Trojan for mobile devices is BankBot. The banking Trojan landed for the first time in January, 2017, when attackers used the source code of an unnamed Android banker. Attackers took the code and transformed it into BankBot. Research indicates that the Trojan has been used in attacks on banks in Russia, the UK, Austria, Germany, and Turkey.
Last year BankBot was also upgraded to conceal itself so that it avoids Google’s security scanner. Three different active campaigns were detected and taken down.
According to security researchers, two new BankBot campaigns were quickly created to replace the ones that were taken down, and once again bypassed Google’s security checks. What is more troublesome is that BankBot targeted 428 legitimate banking apps.
As explained by Gagan Singh, Senior Vice President and General Manager of Mobile at Avast:
We are seeing a steady increase in the number of malicious applications for Android devices that are able to bypass security checks on popular app stores and make their way onto consumers’ phones. Often, they pose as gaming and lifestyle apps and use social engineering tactics to trick users into downloading them.
Consumers Increasingly Concerned with Using Online Banking Apps
The research also revealed that consumers around the world are more concerned about being “robbed” online than losing a wallet in real life, or having their social accounts hijacked. 72 percent of the research participants said that financial loss is their primary concern in terms of fraudulent activities they encounter.
Approximately two in five people that took part in the survey said that they rely on mobile banking apps. Not surprisingly, the main reason for consumers that don’t use such apps is the concern of security, which makes 21 percent of surveyed consumers in Spain, and 36 percent in the U.S.
More often than not, consumers can rely on trusted app stores like Google Play and Apple’s App Store to download applications, but extra vigilance is also advised. It’s important to confirm that the banking app you are using is the verified version. If the interface looks unfamiliar or out of place, double-check with the bank’s customer service team. Also use two-factor authentication if it’s available and make sure you have a strong antivirus for Android installed to detect and protect you from money-grabbing malware.