It’s well-known in the information security community that mobile malware has grown exponentially the past few years. Now, there’s increasing evidence that criminals are looking for new ways to use such malware to target mobile banking. According to Kaspersky Labs’ latest report, mobile malware designed to steal bankcard information and funnel money from bank accounts increased by a factor of nearly 20 times in the past year.
Featured Download: Social media access at work. Do your employees know the rules?
Banking Trojans can steal sensitive information such as online log-in credentials, bank account numbers, and passwords, which criminals can then use to breach accounts.
Two recent examples of mobile and online banking Trojans demonstrate how quickly criminals are adopting this method of attack:
– RSA researchers recently found source code for a mobile Android banking app Trojan on sale for $5,000 in an underground forum. The app, dubbed iBanking, was used in conjunction with PC malware to get around security mechanisms used by banking websites.
– In another case, Bromium Lab researchers found compromised videos on YouTube’s ad network that were hosting the Styx exploit kit used to proliferate Caphaw, a banking Trojan.
Because mobile banking provides the easiest way for criminals to steal money, it provides the largest target for criminals. The graph below shows the number of mobile banking Trojans that the researchers have collected:
Infographic: Kaspersky Labs
According to Kaspersky Labs, the countries with the highest number of unique attacked users are Russia (40%), India (8%), Vietnam (4%), Ukraine (4%) and the UK (3%). However, mobile malware targeting banking specifically is expected to grow in other countries this year.
About Cyveillance
Cyveillance, a world leader in cyber intelligence, provides an intelligence-led approach to security. Through continuous, comprehensive Internet monitoring and sophisticated intelligence analysis, Cyveillance proactively identifies and eliminates threats to information, infrastructure, individuals and their interactions, enabling its customers to preserve their reputation, revenues, and customer trust.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.