Android Phone Users Targeted By Latest Anubis Banking Trojan Campaign – Expert Reaction

Android users are targeted in a phishing campaign that will infect their devices with the Anubis banking Trojan that can steal financial information from more than 250 banking and shopping applications.

The campaign uses a devious method to get the potential victims to install the malware on their devices: it asks them to enable Google Play Protect while actually disabling it after being granted permissions on the device.

Experts Comments

February 07, 2020
Tom Davison
EMEA Technical Director
Lookout
Firstly organisations need visibility into potentially vulnerable Android Operating System versions and risky configurations for all devices accessing business data. By taking an active approach to mobile vulnerability management, enterprises can reduce the potential attack surface. Secondly, employees need to be aware of the dangers and prevalence of mobile phishing attacks. Lookout has observed that 1 in 50 mobile devices in the enterprise encounters a phishing attempt daily. Phishing.....Read More
Firstly organisations need visibility into potentially vulnerable Android Operating System versions and risky configurations for all devices accessing business data. By taking an active approach to mobile vulnerability management, enterprises can reduce the potential attack surface. Secondly, employees need to be aware of the dangers and prevalence of mobile phishing attacks. Lookout has observed that 1 in 50 mobile devices in the enterprise encounters a phishing attempt daily. Phishing attacks may target credential theft, or as in this case, attempt to persuade users to install additional malicious applications. With over 83% of phishing attacks coming outside of email, it is not enough to rely on traditional email security. To protect against mobile phishing requires mobile endpoint security on the device itself. This can also keep employees safe from harmful apps and compromised WiFi networks. In addition, employees can limit their own exposure by always installing the latest OS patches, keeping apps up to date, and only installing apps through reputable app stores. When protecting BYOD devices, organisations should look into Mobile Threat Defense solutions that can balance the need for user privacy with the right level of enterprise security. This differs from the traditional approach whereby organisations would try to actively manage all user devices, often seen as intrusive and limiting by employees. Today it is possible for organisations to deploy non-invasive security that protects user privacy and freedom of use, while still ensuring that only secure devices gain access to corporate data.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.