Android malware steals bank credentials – Is mobile banking safe?
Mobile banking has been steadily gaining popularity, as more and more consumers get access to smartphones with internet capabilities. Today, almost every major financial institution in the world provides their account holders with easy-to-use net and mobile banking systems. But, as with every other good thing out there, malicious intent is never far around the corner. Security concerns related to the use of mobile banking applications have been recently brought to the forefront. The latest Android malware found in the wild is proving to be one of the most dangerous.
A new piece of malware was discovered by security researchers at McAfee, one that primarily targets Android systems. The app can remotely steal a user’s banking credentials from the user’s mobile device, without even triggering anti-malware apps.
As explained by McAfee researcher Carlos Castillo in a blog post, the application, dubbed FakeToken, targets major financial institutions by posing as a Token Generator app. When the application is installed, the malware even goes so far to mimic the targeted bank’s logo and color scheme, adding a certain credibility to the scheme, and making it hard for users to distinguish between the legitimate and the malicious applications.
McAfee’s Castillo added that the malware also contains commands to update itself, spy on the infected system, and create a schedule to auto-run at a later date. The app retrieves all the contact information stored on the phone and serializes this information to send it to a control server.
The security researcher warned that similar malware that target other banking institutions are constantly evolving and with the ever-increasing popularity of Android and mobile banking applications, we can expect even more threats of this kind to appear.
Do you use mobile banking? What, if any, security features would you recommend to avoid problems with malware in the future?