FBI Warns That New Types of Mobile Banking Malware Are On the Rise

October 7, 2016

Malware making its way onto mobile devices is not a new concept. However, it is on the upswing as mobile banking becomes more popular. Cyberthieves are now using new ways to hack their way into bank accounts on mobile devices and this tactic is not likely to go away any time soon. That’s because it’s working.

The FBI is warning that new types of malware that are specifically designed to target banking applications on mobile devices are increasing. Most of the time they are aimed at larger financial institutions, but not exclusively. In fact, a banking-fraud-solutions manager at SAS estimated that the malware called Acecard has customized overlays for 50 financial services applications.

An overlay is a façade of sorts that sits on top of the interface to an actual application. It looks similar enough that it’s often difficult to tell if it’s real or fake. Overlays catch out consumers more often than we’d like to think, and if they are successful, malware can get downloaded to the device without the user having any idea. Once the credentials are captured, they are sent back to the criminals remotely. They are then used or sold on the Dark Web for around $1 apiece. The malware to do this costs about $15,000. However, the payoff to criminals can be far more.

One sign that malware has managed to make its way onto your mobile device is if the banking application asks for any additional personally identifying information, such as a social security number or birthdate. If yours does, it’s not legitimate and you should not continue entering your login credentials.

The FBI believes that the reason this type of malware is gaining ground is that people often fail to install anti-malware software on their phones and tablets. This leaves them vulnerable to additional attacks. Therefore, be sure to install it on your devices. Do some research on the available options and get the right one for your device. Make sure to read the reviews and that it comes from a reputable company.

In addition, any application that you install should come from the official app store for your device. The malware affects both Android and iOS devices. Sideloading, or getting applications from locations other than the app stores, adds additional risk. Those applications are not usually put through as much security scrutiny and therefore may not be as safe to download. The FBI identified this as a problem as well.

If your financial institution offers multi-factor authentication before allowing access to your account, take advantage of it. While some malware has been known to thwart this additional security step, it is still better to take the time to do it. This could mean entering an access code that is sent via text, but could also entail entering a randomly generated code from a key fob that the institution can provide to you.

These crimes can be difficult to track. Those who fall victim may not even know it’s happened until long after the damage has been done. So, don’t underestimate how vulnerable your phone can be. Just because it hasn’t left your side, doesn’t mean someone hasn’t been inside it.

© Copyright 2016 Stickley on Security