A new malware strain that has been discovered called Vultur and is targeting banking customers using invisible windows and keylogging to capture their banking data on Android phones.
Experts Comments
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.
Be part of our growing Information Security Expert Community (1000+), please register here.
This attack is novel in that it relies on reading and recording a mobile device's screen or keylogging to steal a user's credentials rather than overlay attacks. Screen-reading and keylogging malware can be less a resource-intensive method than overlay attacks that mimic targeted banks' mobile app or mobile website log-in screens. The attack started with a malicious app published on the Google Play Store. While Google does seem to respond to alerts of malicious apps, that's no comfort to
.....Read MoreThis attack is novel in that it relies on reading and recording a mobile device's screen or keylogging to steal a user's credentials rather than overlay attacks. Screen-reading and keylogging malware can be less a resource-intensive method than overlay attacks that mimic targeted banks' mobile app or mobile website log-in screens. The attack started with a malicious app published on the Google Play Store. While Google does seem to respond to alerts of malicious apps, that's no comfort to victims that have already been fleeced of their credentials or funds. A recent report from AV-TEST also showed that Google Play Protect, whose objective is to identify malware, placed last amongst its mobile security app peers. The key takeaway here is that developers/publishers of mobile apps that facilitate payments or other banking activities should not assume their apps and users are protected by the Android operating system or the Google Play Store alone. They need to take additional action with multiple layers of security including strong customer authentication and app shielding which when integrated into a mobile banking app, for example, will continuously monitor the app and shut it down if screenreading or keylogging activity, such as that executed by this Vultur malware, is detected.
Read LessLinkedin Message
@Sam Bakken, Senior Product Marketing Manager, provides expert commentary at @Information Security Buzz.
"..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/vultur-malware-targeting-android-banking-customers
Facebook Message
@Sam Bakken, Senior Product Marketing Manager, provides expert commentary at @Information Security Buzz.
"..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/vultur-malware-targeting-android-banking-customers