Two Attacks On Mobile Banking Are Back

By on

It feels as through every day, a new app is released that makes it easier to pay for something through your mobile device. Whether you’re tapping your phone to a card reader, depositing checks through a mobile banking app, or paying bills online, there are many ways that banks and tech companies have joined to mobilize the payment process. While mobile banking has made it easy to access personal accounts on the go, it also means that, similarly, hackers have that much less work to do in order to gain access to your accounts. And, as mobile banking gets smarter, so do mobile banking hacks.

In 2016, there were 2 major mobile banking Trojans: Faketoken and Tordow. Faketoken created fake login screens so hackers could steal login credentials through financial apps, and login on their own to empty accounts. Tordow came piggybacked on popular apps (think Pokemon Go and Telegram), and would steal sensitive information about the owner of the mobile device by gaining root access.

Both hacks have evolved to meet the security measures that banks and mobile banking apps have taken to protect their users. This time around, the Faketoken hackers have built in the capability to encrypt files into a mobile device’s SD card. The malware also continually asks users for permissions after it has been installed, which would allow more damage to the user’s security further down the line.

Tordow similarly can encrypt files on a user’s mobile device, as well as make calls, send SMS messages, download and install programs, and access contacts, among other dangerous permissions such as manipulate banking data. There are a few main precautions anyone can take to prevent their mobile device from an attack.

  • It’s OK to Be Picky There are loads of apps to be downloaded from the Apple App Store and from Google Play, and if you’re like me, you’ve got pages of unused apps sitting on your device. It’s helpful to be picky about the apps that you choose to download, and those that you choose to keep. Hackers can hitch their own malware on with apps that you download and in turn, gain access your login credentials.
  • Access Not Granted When hackers piggyback their Trojans on to apps, they can also gain access to your mobile device directly by asking for permissions that the app would not otherwise ask for. Stay alert and pay attention to what permissions your apps are requesting, because it’s easy to get into a habit of granting permission for everything that pops up on your phone. To maintain your device’s health, be sure you know what you’re agreeing to. For anything you’re unsure about, deny, deny, deny.
  • Make Your Password as Unique as You Are Passwords are totally useless if they’re easy to guess, or if they’re the same across all accounts. If you use one password to create an account for a newly downloaded apps, it makes it incredibly easy for a hacker to guess the rest of your passwords on your accounts across your device. Whether they want to get into your bank account, or figure out your location data, if an outsider has the password to all accounts, all doors open up.

If you do worry that your phone has been compromised, the first thing you should do is run a mobile anti-virus software. McAfee Mobile Security is free for both Android and iOS, and helps to protect your device and its data from hackers.



Categories: Mobile and IoT Security
Tags: , ,

2 comments on “Two Attacks On Mobile Banking Are Back

Leave a Comment

Similar articles

Today, we at McAfee are announcing some exciting new security solutions and integrations at CES in Las Vegas. For those of you who are unfamiliar with CES, it is the global stage for innovators to showcase the next generation of consumer technologies. McAfee now delivers protection to more than 500 million customers worldwide, and we ...
Read Blog
Your home screen is just a matrix of numbers. Your device loses its charge quickly, or restarts suddenly. Or, you notice outgoing calls that you never dialed. Chances are your smartphone has been hacked. The sad truth is that hackers now have a multitude of ways to get into your phone, without ever touching it. ...
Read Blog
You log in to your favorite social media site and notice a string of posts or messages definitely not posted by you. Or, you get a message that your account password has been changed, without your knowledge. It hits you that your account has been hacked. What do you do? This is a timely question ...
Read Blog