232 Banking Apps in Danger
In the current digital world, every service is now moving towards online and it has made a tremendous effect over past two decades as well. But like other things there are loopholes present in it and bad people are using them to do illegal activities like cyber crime.
Recently banks are warning their customers of the risk of their mobile banking being stolen by a malware that behaves like a flash player sent to them through unwanted messages or via pop-ups on the website.
The security warning was initially provided by the IT Security and Solutions Company Quick Heal Security Labs that it has detected an Android Banking Trojan that targets over 232 banking apps (including those that are offered by the Indian Banks). It is known as Android.banker.A2f8a (previously detected as Android.banker.A9480).
According to Mr. Nitin Bhatnagar of SISA Information Security, this malware works similar to a phishing website. It works in Background and send fake notifications which actually appears like these are send via a genuine banking application. When the Android mobile phone user open such notification, they are redirected to the fake login screens that are then used by the cyber criminals to steal and extract confidential data. Another dangerous activity of this malware is that it also intercepts SMSs sent by banks and is able to access the OTP (one time password) as well. OTP are used to provide extra level of security when doing any kind of transaction so when the attacker accesses your bank account, he can also get the OTP which gets generated when he tries to steal your money.
IDBI Bank, in a communication to its customers has advised them to adopt best practices to continue using mobile banking in a more digitally secure manner. It includes:
- Not Install applications from untrusted sources
- Be careful while visiting unfamiliar sites for clicking links
- Do not use “Jailbroken” or “rooted” mobiles for banking transactions
Jailbroken and rooted phones allow users to install and do granual changes to the operating system that can lead to malicious apps being installed if the user is careless. A private lender said to their customers that Adobe Flash player is inbuilt in Android mobile browsers since version 4.1 and official versions are not being offered in google play store. So do not try to download from any unofficial sources.
“For mobile applications there are no standards as such but there are best practices available for secure coding. Banks procuring apps from third party vendors need to make sure that the vendor provides all test reports showing that they follow the payment application data security standards (PA-DSS).” said Mr. Bhatnagar.