Mobile banking Trojans spread confusion worldwide

Consumers around the world that use mobile banking apps are at a greater risk of being tricked by cybercriminals and falling victim to mobile banking theft. This is according to new global research from Avast, which asked almost 40,000 consumers in Spain and eleven other countries around the world to compare the authenticity of official and counterfeit banking application interfaces.

Mobile banking Trojans spread confusion worldwide

Fraudulent software sometimes difficult to identify

Globally, 58% of respondents identified the official mobile banking app interface as fraudulent while 36% mistook the fake interface for the real one. In Spain, the results were similar at 67% and 27% respectively, compared to 40% and 42% in the U.S.

The findings highlight the level of sophistication and accuracy applied by cybercriminals to create trusted copies designed to spy on users, collect their bank login details, and steal their money.

Cybercriminals targeting banks

Researchers detected a number of mobile banking Trojans in recent months – a privacy and security threat that is on the rise. The banks targeted by cybercriminals and under the microscope in the survey include Citibank, Wells Fargo, Santander, HSBC, ING, Chase, Bank of Scotland and Sberbank.

Despite having strict security measures and safeguards in place, the large customer bases of each bank make them attractive targets for cybercriminals to develop fake apps that can mimic their official apps.

BankBot Trojan on Google Play

In November last year, Avast discovered a new strain of the BankBot Trojan on Google Play targeting consumers’ bank login details. This latest variant was concealed in supposedly trustworthy flashlight and Solitaire apps. Once downloaded, the malware would initiate and target the apps of large blue chip banks. If a user opened the banking application, the malware would create a fake overlay on top of the genuine app with the goal of collecting the customer’s banking details and sending them on to the attacker.

“We are seeing a steady increase in the number of malicious applications for Android devices that are able to bypass security checks on popular app stores and make their way onto consumers’ phones. Often, they pose as gaming and lifestyle apps and use social engineering tactics to trick users into downloading them”, said Gagan Singh, Senior VP and General Manager of Mobile at Avast.

“More often than not, consumers can rely on trusted app stores like Google Play and Apple’s App Store to download applications, but extra vigilance is also advised. It’s important to confirm that the banking app you are using is the verified version. If the interface looks unfamiliar or out of place, double-check with the bank’s customer service team. Also use two-factor authentication if it’s available and make sure you have a strong antivirus for Android installed to detect and protect you from money-grabbing malware.”

Consumers are worried

The survey also found that consumers across the globe are more concerned about having money stolen from their checking accounts than losing a wallet or purse or having their social media accounts hacked and their personal messages read. Globally, 72% of respondents voiced financial loss as their primary concern. In Spain, 85% of consumers said the same and 71% in the U.S.

43% of survey respondents worldwide said they use mobile banking apps. In both Spain and the U.S., 46% said they were active users. Of the respondents that don’t bank via smartphone or tablet, 30% pointed to a lack of security as the leading concern. This concern was shared by 21% of the respondents in Spain and 36% in the U.S.

Don't miss