Banking malware threats are increasing sharply

Banking malware threats are sharply increasing as cybercriminals target the rising popularity of mobile banking on smartphones, with plots aimed at stealing personal banking credentials and credit card information, a Nokia report reveals.

The report, based on data aggregated from network traffic monitored on more than 200 million devices globally, showed an 80%, year-on-year increase in the first half of the year in the number of new banking trojans, which also try to steal SMS messages containing one-time passwords.

“A significant amount of this activity is focused in Europe and Latin America, but this activity is continuously spread to other regions of the world,” according to the report. “Banking trojans use a variety of tricks to collect the information. These include capturing keystrokes, overlaying bank login screens with their own transparent overlay relaying captured information to the intended target, taking screen snapshots, and even accessing Google Authenticator codes.”

Banking malware threats targeting mainly Android phones

Banking malware has been targeted mainly at Android phones, for years the most targeted mobile device type for cybercriminals due to Android’s ubiquity and developer openness, with some banking trojans among the most successful malware attacks in 2021.

The report says that most banking applications allow users to add a multi-factor authentication feature to their accounts to make it more difficult for cybercriminals to obtain personal information. Users are strongly recommended to avoid mobile banking from easily accessible public WiFi access points; and to use both multi-factor authentication when available and strong passwords, which avoid common personal details like birthdays.

The report also found that COVID-19 related malware incidents in residential networks have leveled off at 2.5% after a peak in December 2020 of 3.2%. This demonstrates that people are more aware of the threats posed by COVID-related cyber-attacks and are taking steps to secure their home working environment.

IoT botnets increasing in size and sophistication

IoT botnets, a network of devices connected with malware, continue to grow in size and sophistication, due to the rising use of IoT devices, like “smart” refrigerators and video surveillance cameras. One known as Mozi, which uses a peer-to-peer command and control protocol, has been used to create botnets consisting of around 500,000 individual devices.

Mozi actively scans the network and uses a suite of known vulnerabilities to exploit additional IoT devices. IoT botnets are responsible for 32% of the malware incidents detected.

Kevin McNamee, Director of Nokia‘s Threat Intelligence Center, said: “Cybersecurity threats only evolve and look for new opportunities, as shown by this year’s report. Banking trojans have dramatically increased over the last year as digital banking becomes more prevalent – and this is a trend we see continuing into the future which reinforces the need for better online practices and having robust endpoint security in place.”