By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    Equifax hacked — what can you do?
    12 months ago
    A wave of Telegram hacks hits: How to protect your account
    12 months ago
    Hijacking online accounts through voicemail
    12 months ago
    Latest News
    Wordfence Intelligence Weekly WordPress Vulnerability Report (September 11, 2023 to September 17, 2023)
    5 days ago
    Exploring Winrar Vulnerability (CVE-2023-38831) | McAfee Blog
    6 days ago
    Two PHP Object Injection Vulnerabilities Fixed in Essential Blocks
    7 days ago
    Agent Tesla’s Unique Approach: VBS and Steganography for Delivery and Intrusion
    1 week ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    For 0-day vulnerabilities in Windows, temporary patches
    11 months ago
    Windows 11 22H2 (build 22621.317) outs in the Release Preview Channel
    12 months ago
    How to avoid problems installing Windows 11 22H2
    12 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    7 months ago
    Now you can speed up any video in your browser
    7 months ago
    How to restore access to a file after EFS or view it on another computer?
    8 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    8 months ago
  • How To
    How ToShow More
    Switching to Cloudflare can cut your network carbon emissions up to 96% (and we’re joining the SBTi)
    Switching to Cloudflare can cut your network carbon emissions up to 96% (and we’re joining the SBTi)
    16 hours ago
    Cloudflare account permissions, how to use them, and best practices
    Cloudflare account permissions, how to use them, and best practices
    16 hours ago
    Announcing Cloudflare Incident Alerts
    Announcing Cloudflare Incident Alerts
    16 hours ago
    Welcome to Birthday Week 2023
    Welcome to Birthday Week 2023
    2 days ago
    A new wave of innovation with Edge, your AI-powered browser
    3 days ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    How to find out who is listening to you and how to turn it off?
    11 months ago
    The most convenient way to find music from TV shows, movies and games
    11 months ago
    Easter egg “Unicorn” in Firefox
    11 months ago
    Latest News
    How to use image layers on Paint for Windows 11
    6 days ago
    How to disable Copilot on Windows 11 (completely)
    2 weeks ago
    How to blur image background in Photos for Windows 11
    2 weeks ago
    How to hide text from screenshots on Snipping Tool for Windows 11
    2 weeks ago
  • Glossary
  • My Bookmarks
Reading: Mobile banking Trojans: what they are and how to protect against them
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
ThreatsWordpress Threats

Mobile banking Trojans: what they are and how to protect against them

Vitus White
Last updated: 13 October
Vitus White 4 years ago
Share
8 Min Read

1. Why do I need to read this?

This article will help you to protect the money in your bank account.

Contents
1. Why do I need to read this?2. Mobile banking Trojans — what are they?3. Who is at risk?4. Are they really that dangerous?5. How do mobile Trojans infiltrate smartphones and tablets?6. Are you kidding? Even Google Play isn’t safe?7. I have an iPhone, so I don’t have to worry, right?8. How exactly do they steal the money?9. How can I tell if my smartphone is infected?10. Which Trojans are the most dangerous?11. How can I protect myself?12. My money was stolen! What should I do?

2. Mobile banking Trojans — what are they?

Every smartphone is a compact computer equipped with its own operating system and software, and so, just like PCs, smartphones are targeted by malware. Mobile banking Trojans are one of the most dangerous species in the malware world: They steal money from mobile users’ bank accounts.

3. Who is at risk?

People who own gadgets and use banking apps or buy something using application stores or in-app purchases. Android users run the highest risk of being attacked by mobile banking Trojans: 98% of them are designed for this ubiquitous OS.

Throughout 2016 mobile banking Trojans actively attacked users from Russia, Germany, and Australia. Other countries in the top 10 are South Korea, Uzbekistan, China, Ukraine, Denmark, Kyrgyzstan, and Turkey.

4. Are they really that dangerous?

This type of Trojans is one of the most significant threats of the decade. In 2016 alone, we detected more than 77,000 samples of mobile banking installers. This threat shows no sign of fading away any time soon.

Banking Trojans: mobile’s major cyberthreat #malware https://t.co/qWtgJjbCjq pic.twitter.com/qpyQEJvYHG

— Kaspersky Lab (@kaspersky) September 30, 2015

5. How do mobile Trojans infiltrate smartphones and tablets?

It’s hard to believe, but users download mobile banking Trojans themselves. In most cases cybercrooks disguise Trojans as legitimate apps and lure people into installing the malware.

Cybercriminals tend to publish malicious apps on third-party app stores, send phishing text messages containing malicious URLs, and sometimes go as far as sneaking into the official Google Play store.

6. Are you kidding? Even Google Play isn’t safe?

Unfortunately, it isn’t entirely safe. Although the Play Store employs a series of protections, it cannot repel 100% of all threats. Android users are frequently tricked into downloading malicious apps posing as legitimate ones. Such malicious apps include mobile banking Trojans — for example, the notorious Acecard.

The continual evolution of #mobile #malware – https://t.co/lev9ovlF4j pic.twitter.com/lZMRPKVblr

— Kaspersky Lab (@kaspersky) March 2, 2016

7. I have an iPhone, so I don’t have to worry, right?

Yes and no. To date, we have not heard of any case of an iPhone being infected with a banking Trojan, but malicious apps have managed to infiltrate the App Store on various occasions. For example, some six months ago, the XcodeGhost Trojan infected more than 40 legitimate iOS apps, including the very popular Chinese messaging app WeChat.

iPhone owners should keep their eyes open. Apple doesn’t allow antivirus apps in iOS, so once there is a working Trojan for iOS, users will face the threat on their own.

However, if your iPhone is jailbroken, you are at much heavier risk. Jailbreaking means basically destroying all the protection that Apple has built for its operating system, so it’s much easier for cybercriminals to infect a jailbroken device.

8. How exactly do they steal the money?

Usually it works like that. Once the banking app is launched, the Trojan displays its own interface overlaying the banking app’s interface. As a user inputs credentials, the malware steals the information.

Be especially careful with apps that request permission for access to SMS

To fool the user, a mobile banking Trojan must be able to impersonate a banking app convincingly. The most effective Trojans can impersonate dozens of banking apps, payment services, and even instant messaging apps.

There is one critical stage in the process of stealing money — hijacking SMS with one-time passwords sent by the bank’s system as part of two-factor authentication. That’s why mobile banking malware needs permission to access SMS, and that’s why you need to be extremely cautious with all apps that request such permission.

In simple words: how Trojans fool 2-factor authentication & steal money from mobile banks https://t.co/kfqKtUq3tY pic.twitter.com/7S2b5BCS0v

— Eugene Kaspersky (@e_kaspersky) March 14, 2016

Mobile Trojans can steal money either in small portions over months or at once.

9. How can I tell if my smartphone is infected?

The most obvious sign is losing money. Comb through your bank transactions regularly. If you see no suspicious transactions but would like to check your phone anyway, use the free Kaspersky Antivirus & Security for Android to scan your device.

Protecting your #money: everything you need to know about #mobile #bankers, plain and simple

Tweet

10. Which Trojans are the most dangerous?

OpFake is a very industrious Trojan that mimics the interfaces of almost 100 banking and finance apps. The Acecard family is also very strong: able to impersonate more than 30 banking apps or overlay any app’s interface on command. In 2016, the Asacub, Svpeng, and Faketoken Trojans swarmed Russia.

Evolution of #Asacub trojan: from small fish to ultimate weapon – https://t.co/lLv0pY4lol #infosec #mobile #banking pic.twitter.com/gAM3zzy7aC

— Kaspersky Lab (@kaspersky) January 20, 2016

11. How can I protect myself?

  • Enable SMS notifications for your mobile bank. Not all banking Trojans hijack SMS, and, in general, it’s a very effective way to monitor your account.
  • Download apps only from official stores: Google Play Store for Android, Apple App Store for iOS, and so forth.
  • Look carefully at the rights each app requests. Those that request permission for access to SMS require further scrutiny.
  • Install an antivirus solution — like Kaspersky Antivirus & Security for Android.

12. My money was stolen! What should I do?

Immediately contact your bank to freeze your card(s) and dispute the transaction in question. In some cases, banks don’t send transfers right away, so there is a chance your money isn’t actually gone yet.

5 lessons I learned from having my credit card hacked https://t.co/HVSJGCHlFG #onlinepayment pic.twitter.com/qsytYC83wv

— Kaspersky Lab (@kaspersky) November 12, 2014

Make sure you remove the malicious app from your device, and check your smartphone with antivirus software.

Finally, we suggest rereading the previous answer to avoid this situation in the future.


Source: kaspersky.com

Translate this article

TAGGED: Apple, Authentication, DoS, Malware, Phishing, PoC, Security, Software, Threat, Threats, Trojan
Vitus White October 13, 2022 September 30, 2019
Share This Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

Switching to Cloudflare can cut your network carbon emissions up to 96% (and we’re joining the SBTi)
Switching to Cloudflare can cut your network carbon emissions up to 96% (and we’re joining the SBTi)
Apps 16 hours ago
Cloudflare account permissions, how to use them, and best practices
Cloudflare account permissions, how to use them, and best practices
Apps 16 hours ago
Announcing Cloudflare Incident Alerts
Announcing Cloudflare Incident Alerts
Apps 16 hours ago
Welcome to Birthday Week 2023
Welcome to Birthday Week 2023
Apps 2 days ago
A new wave of innovation with Edge, your AI-powered browser
Windows 3 days ago

You Might Also Like

Switching to Cloudflare can cut your network carbon emissions up to 96% (and we’re joining the SBTi)
Apps

Switching to Cloudflare can cut your network carbon emissions up to 96% (and we’re joining the SBTi)

16 hours ago
Cloudflare account permissions, how to use them, and best practices
Apps

Cloudflare account permissions, how to use them, and best practices

16 hours ago
Announcing Cloudflare Incident Alerts
Apps

Announcing Cloudflare Incident Alerts

16 hours ago
Welcome to Birthday Week 2023
Apps

Welcome to Birthday Week 2023

2 days ago
Show More

Related stories

How to upgrade to Windows 11 23H2 with Installation Assistant
Critical Vulnerability in Forminator Plugin
How to blur image background in Photos for Windows 11
How to download official Windows 11 23H2 ISO file
PHP Object Injection Vulnerability in Flatsome Theme
How to download Windows 11 22H2 ISO after 23H2 releases
Previous Next

10 New Stories

Curator can help you with PC Game Pass picks
Cloudflare Email Security now works with CrowdStrike Falcon LogScale
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 11, 2023 to September 17, 2023)
Exploring Winrar Vulnerability (CVE-2023-38831) | McAfee Blog
How to use image layers on Paint for Windows 11
New! Rate Limiting analytics and throttling
Previous Next
Hot News
Switching to Cloudflare can cut your network carbon emissions up to 96% (and we’re joining the SBTi)
Cloudflare account permissions, how to use them, and best practices
Announcing Cloudflare Incident Alerts
Welcome to Birthday Week 2023
A new wave of innovation with Edge, your AI-powered browser
10alert.com10alert.com
Follow US
© 10 Alert Network. All Rights Reserved.
  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?