Skip to main content

Mobile banking trojans becoming a major threat

(Image credit: Image Credit: MK photograp55 / Shutterstock)

New research has revealed that consumers who use mobile banking apps (opens in new tab) are at a greater risk of being targeted by cybercriminals and falling victim to mobile banking threats. 

Security firm Avast (opens in new tab) conducted an online survey of 40,000 consumers in Spain and eleven other countries in which it asked users to determine whether a banking app was fake or authentic. 

Of those surveyed, 58 per cent identified the official mobile banking app as fraudulent while 36 per cent believed that the fake app was indeed the genuine one.  In Spain, the results were similar at 67 per cent and 27 per cent, though in the UK less users identified the fake interface as the real one at 14 per cent. 

The findings of the survey highlighted the extent to which cybercriminals are willing to go to create sophisticated and accurate clones of trusted mobile apps to spy on consumers, obtain their banking credentials and steal funds from their accounts. 

In recent months, Avast has detected an increasing amount of mobile banking Trojans (opens in new tab) and it is clear that this threat to consumers is growing in popularity among cybercriminals.  According to the survey, Citibank, Wells Fargo, Santander, HSBC, ING, Chase, Bank of Scotland and Sberbank were all targeted by hackers.  Cybercriminals chose these banks over others due to their large customer bases despite the fact that they had strict security measures and safeguards in place. 

A new variant of the BankBot Trojan, discovered last year by Avast, has also been concealed within popular flashlight and Solitaire apps.  After a user opens their mobile banking app, the malware would then create a fake overlay on top of the legitimate app with the aim of stealing login credentials. 

Avast's Senior Vice President and General Manager of Mobile, Gagan Singh offered more details on the survey, saying: 

“We are seeing a steady increase in the number of malicious applications for Android devices that are able to bypass security checks on popular app stores and make their way onto consumers’ phones. Often, they pose as gaming and lifestyle apps and use social engineering tactics to trick users into downloading them. More often than not, consumers can rely on trusted app stores like Google Play and Apple’s App Store to download applications, but extra vigilance is also advised. It’s important to confirm that the banking app you are using is the verified version. If the interface looks unfamiliar or out of place, double-check with the bank’s customer service team. Also use two-factor authentication if it’s available and make sure you have a strong antivirus for Android installed to detect and protect you from money-grabbing malware.” 

While mobile banking apps may be convenient, they are an easy target for cybercriminals and this is why many users forego banking on their mobile devices entirely. 

Image Credit: MK photograp55 / Shutterstock

After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.