
Mobile Malware

Attacking Mobile Banking, Out-of-Band Authentication

Rogue, Malicious and Fake Apps Proliferate 

In 2010, forty fake banking applications were offered through the Android Market, and more than half a million people downloaded the software. In November 2011, a researcher placed “Instastock,” a fake stock ticker, in Apple’s AppStore. The app spoofed Safari Browser code, allowing download of additional software (potentially malicious) from the researcher’s home servers. OS vendors’ ability to ensure no malicious apps penetrate their markets is challenged by the influx of new mobile apps. Currently, both the Android Market and the AppStore include more than 500,000 apps, and this number is growing at a rate of about 20,000 new apps per month. Moreover, in recent years alternative application markets have mushroomed, offering applications not controlled by the mobile operating systems vendors (Google and Apple). 
 

Mobile Malware Exploits Core Device Services 

Cybercriminals can leverage these markets to deliver fake applications that can steal credentials, redirect SMS messages, social engineer users and jailbreak/root devices. “Rooting” or “jailbreaking” operations performed intentionally by end users break the vendor-applied architectural restrictions. These actions give malicious apps full control over the mobile device, allowing them to manipulate other applications and gain access to all mobile device resources.
Mobile malware protection must allow end users to keep their devices secure and malware-free, and enable the financial institution to mitigate fraud by leveraging device risk information.
 

Key Requirements 

  • Detect and Mitigate Mobile Malware Infections and Device Risks
  • Secure Mobile Browsing to Online Banking Sites
  • Leverage Device Risk Information in Mobile Banking Apps and Online
    Banking Sites 
 

Detect and Mitigate Mobile Malware Infections and Device Risks

Mobile malware protection solutions should be able to detect malware infections and potential security risks, such as rogue apps, operating system security vulnerabilities, and risky device configuration. Solutions must also ultimately provide remediation tools and guidance to end users.

Secure Mobile Browsing to Online Banking Sites

Each access to the online banking site from a mobile device should be protected against malware attacks such as man-in-the-middle (MitM) and man-in-the-browser (MitB).

Leverage Device Risk Information in Mobile Banking Apps and Online Banking Sites

Mobile banking apps and sites should use device risk to adapt business logic and application flow to prevent fraud. Devices with high risk scores can be denied access to online banking or the mobile app, and users can be required to pass stronger step-up authentication. Once users have logged in, financial institutions (FIs) can leverage the risk score to restrict access to specific data or functionality, limit transaction amounts, and deny or delay approval of specific transactions.
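
A sketch of how a banking back end could apply such a policy, added here as an illustration and not taken from any vendor's product. The signal weights, score thresholds, amount limit and action names are all assumptions; the page names the risk signals and the possible responses but gives no scoring model.

```python
# Added illustration: weights, thresholds, limits and action names are assumptions.
WEIGHTS = {"malware": 60, "rooted": 30, "rogue_app": 25,
           "os_vulnerable": 15, "risky_config": 10}
STEP_UP_AT, DENY_AT = 30, 60      # assumed score thresholds (0-100 scale)
AMOUNT_CAP = 500                  # assumed transfer limit for elevated risk
SENSITIVE = {"add_payee", "view_full_account_number"}  # hypothetical actions

def risk_score(signals):
    """Score a device report; a missing report is never treated as clean."""
    if signals is None:           # no telemetry: assume elevated risk
        return STEP_UP_AT
    unknown = set(signals) - WEIGHTS.keys()
    if unknown:
        raise ValueError(f"unknown signals: {sorted(unknown)}")
    return min(100, sum(WEIGHTS[s] for s in set(signals)))

def login_decision(score):
    """Pre-login gate: allow, require step-up authentication, or deny."""
    if score >= DENY_AT:
        return "deny"
    return "step_up" if score >= STEP_UP_AT else "allow"

def action_decision(score, action, amount=0):
    """Post-login gate for a session that passed login_decision."""
    if score >= DENY_AT:          # risk rose mid-session, e.g. new malware hit
        return "deny"
    if score < STEP_UP_AT:
        return "allow"
    if action in SENSITIVE:       # restrict specific data or functionality
        return "deny"
    if action == "transfer" and amount > AMOUNT_CAP:
        return "delay"            # hold for manual review instead of approving
    return "allow"

if __name__ == "__main__":
    # Constructed sample device reports
    for report in ([], ["rooted"], ["rooted", "rogue_app"], ["malware"], None):
        s = risk_score(report)
        print(report, s, login_decision(s),
              action_decision(s, "transfer", 2000))
```

Re-scoring on every action, not only at login, lets a device that becomes infected mid-session lose access before the next transaction is approved.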