Attacking Mobile Banking
Rogue, Malicious and Fake Apps Proliferate
In 2010, forty fake banking applications were offered through the Android Market, and more than half a million people downloaded the software. In November 2011, a researcher placed “Instastock,” a fake stock ticker, in Apple’s AppStore. The app spoofed Safari Browser code, allowing download of additional software (potentially malicious) from the researcher’s home servers. OS vendors’ ability to ensure no malicious apps penetrate their markets is challenged by the influx of new mobile apps. Currently, both the Android Market and the AppStore include more than 500,000 apps, and this number is growing at a rate of about 20,000 new apps per month. Moreover, in recent years alternative application markets have mushroomed, offering applications not controlled by the mobile operating systems vendors (Google and Apple).
Mobile Malware Exploits Core Device Services
Cybercriminals can leverage these markets to deliver fake applications that can steal credentials, redirect SMS messages, socially engineer users and jailbreak/root devices. “Rooting” or “jailbreaking” operations performed intentionally by end users break the vendor-applied architectural restrictions. These actions give malicious apps full control over the mobile device, allowing them to manipulate other applications and gain access to all mobile device resources.
Mobile malware protection must allow end users to keep their devices secure and malware-free, and must enable the financial institution to mitigate fraud by leveraging device risk information.
- Detect and Mitigate Mobile Malware Infections and Device Risks
- Secure Mobile Browsing to Online Banking Sites
- Leverage Device Risk Information in Mobile Banking Apps and Online