Android users are under an increasing risk of identity theft and financial repercussions following a series of recent events that have brought Android banking malware cases to the forefront of the cybersecurity debate. The most recent incidents include a banking Trojan designed to steal money leaked online by an underground hacking forum, and a DDoS attack targeting Lloyds Bank Group mobile apps. The increasing frequency of these events calls for urgent action from financial institutions, many of which are being actively targeted because of their negligent approach to mobile security. This is according to app security specialist Promon.
The cybercrime scene has rapidly evolved from being a garage business to a mature, large-scale, market-based economy, which seeks monetary fulfilment as its modus operandi. Naturally, banks are at the very core of their interest.
Cyber-enabled fraud alone went up 1,266% on 2015 figures, according to the Fraud Barometer reported by KPMG, with cases including a £113 million cyber fraud – the largest recorded in UK Courts since 2008. Sophisticated techniques today enable cybercriminals to employ a creative approach, meaning that ransomware, identity theft, malware and any other types of online crime are constantly being refined and upgraded by cybercriminals.
Lars Lunde Birkeland, Head of Communication at Promon said: “What we are seeing now is a steady development of a thriving internet of malware – a place where cybercriminals can work on their skills, share tips and tricks and create a community that is seeing the financial sector as a highly lucrative target, with the mobile channel a rapidly growing area for exploitation.
“Despite this clear and present danger, banks and financial institutions are still failing to fully comprehend the scale of the threat on their doorstep.”
The Trojan dubbed BankBot has already been identified as targeting Russian Android device owners’ bank details – moreover, it can intercept SMS texts, track the device, make calls and ultimately steal contacts and sensitive data, such as credit card information.
“Given the international nature of cybercriminal activity, in theory nothing is stopping BankBot criminals from turning their heads towards the hefty congregation of British Android device users. In fact, it would come as no surprise, given that 3.6 million fraud offences have been registered in the 12 months to September 2016,” added Birkeland.
“There will be serious consequences for banks if no action is taken. As the smartphone penetration rate in the UK continues to grow, hackers will have a broader attack surface on which to plan their activities. Banks need to see mobile security as their own problem, rather than one of a device manufacturer or operating system.
“Without taking steps to strengthen their apps and mobile platforms, it is only a matter of time until a backlash, which could have catastrophic financial and reputational consequences”, concluded Birkeland.