The Federal Bureau of Investigation (FBI) published a public service announcement Wednesday warning the public of anticipated cyber attacks that exploit increased usage of mobile banking apps. The advisory comes at a time when a vast majority of Americans are working from home due to social distancing, and as a result, rely more on mobile apps to do their banking. According to the report, there has been a 50% increase in mobile banking activity since the beginning of 2020. Threat actors are aware of this trend and are capitalizing on it.
There are two types of app-based threats to be cautious of, the first being banking trojans disguised as common apps such as games or tools. These mobile banking trojans are designed to lay dormant until the user’s legitimate banking app is launched. At that point, these trojans overlay the real banking app with a fake login screen that steals credentials. The trojan transfers the user to the legitimate banking app after the username and password have been entered so that they are not alerted to the scam
The second type of mobile banking threat consists of apps that impersonate real financial institutions. These fraudulent applications are widely available in official and unofficial app stores, with the FBI’s report noting 65,000 have been detected in 2018 alone. If downloaded, these apps act as a legitimate login page only to steal the user’s credentials and obtain security codes texted to the mobile device.
PhishLabs has been tracking rogue mobile apps and crimeware for more than a decade and is aware of the damage they can have on enterprises. Our Digital Risk Protection solution detects and mitigates mobile application threats including fake banking apps and app-based banking Trojans.
To defend against fake apps, our platform actively monitors hundreds of official and unofficial app stores to detect any unauthorized applications, remove those abusing your brand, and take down the infrastructure quickly.
We monitor app-based banking Trojans in-the-wild to detect active campaigns. When targeting instructions are sent to infected devices, we are able to identify the targeted brands and data. We then work with our global takedown network to take campaigns offline.
According to the FBI, more than 75% of Americans used mobile banking apps in some form in 2019. With new factors such as the pandemic moving the population to socially distance rather than interact physically with their financial institutions, that number will only rise. Enterprises need to be proactive in their efforts to monitor for these threats and have procedures in place to efficiently identify and action those that are malicious.