Banking Malware Threats Rise over Mobile Banking Popularity –NOKIA
The Nokia 2021 Threat Intelligence Report, announced today, shows that banking malware threats are sharply increasing as cybercriminals target the rising popularity of mobile banking on smartphones, with plots aimed at stealing personal banking credentials and credit card information.
The report, based on data aggregated from network traffic monitored on more than 200 million devices globally where Nokia’s NetGuard Endpoint Security product is deployed, showed an 80% year-on-year increase in the first half of the year in the number of new banking Trojans, which also try to steal SMS messages containing one-time passwords.
“A significant amount of this activity is focused in Europe and Latin America, but this activity is continuously spread to other regions of the world,” according to the report.
“Banking Trojans use a variety of tricks to collect the information. These include capturing keystrokes, overlaying bank login screens with their own transparent overlay relaying captured information to the intended target, taking screen snapshots, and even accessing Google Authenticator codes.”
Banking malware has been targeted mainly at Android phones, for years the most targeted mobile device type for cybercriminals due to Android’s ubiquity and developer openness, with some banking Trojans among the most successful malware attacks in 2021.
The Threat Intelligence Report says that most banking applications allow users to add a multi-factor authentication feature to their accounts to make it more difficult for cybercriminals to obtain personal information.
Users are strongly recommended to avoid mobile banking from easily accessible public Wi-Fi access points, and to use both multi-factor authentication, when available, and strong passwords that avoid common personal details like birthdays.
The report also found that Covid-19 related malware incidents in residential networks have levelled off at 2.5% after a peak in December 2020 of 3.2%. This demonstrates that people are more aware of the threats posed by Covid-related cyber-attacks and are taking steps to secure their home working environment.
IoT botnets, networks of devices infected with malware, continue to grow in size and sophistication due to the rising use of IoT devices, like “smart” refrigerators and video surveillance cameras.
One known as Mozi, which uses a peer-to-peer command and control protocol, has been used to create botnets consisting of around 500,000 individual devices. Mozi actively scans the network and uses a suite of known vulnerabilities to exploit additional IoT devices. IoT botnets are responsible for 32% of the malware incidents detected by Nokia’s NetGuard Endpoint Security.
According to Nokia, between 2020 and 2021, the monthly infection rate in mobile devices dropped from 0.23% to 0.12%, an improvement it attributed to better security at official app stores and the fact that all observed networks used Nokia NetGuard Endpoint Security to protect the smartphones and IoT devices deployed in those networks.
The Android platform remains the most targeted mobile device, accounting for 50% of observed malware incidents, the report noted. In fixed broadband residential networks, the monthly infection rate increased throughout the second half of 2020 due to work-from-home activity and an uptick in COVID-19-related attacks.
The infection rate then levelled off to 2.5% for most of 2021 as individuals and companies adapted to the new work-from-home paradigm.
In 2021, there was a fourfold increase in malware activity on Mac devices, driven largely by adware, while Android banking Trojans designed to steal banking credentials became more widespread, the report stated.
“There were several significant supply chain attacks, including those against SolarWinds and Codecov. Ransomware as a service reached new levels with the Colonial Pipeline and Kaseya incidents.
“IoT botnet activity continued to increase and reached a new high. These trends are likely to continue. The introduction of 5G and multi-access edge computing will introduce more IoT devices and further open up the attack surface”, the Nokia Intelligence report added.
It maintained that the best defence for network operators is active monitoring for malware activity and automated response to eliminate or minimize the damage.
Spotlight on key threats
In addition to the broader security trends observed over the last year, three specific threats stood out as being especially noteworthy.
The number of Trojans targeting banking information through Android mobile devices has skyrocketed, putting millions of users around the world at financial risk.
Malware app developers are getting better at bypassing the security measures intended to keep harmful apps out of official app stores.
And Mac users, historically at lower risk of malware, are increasingly being targeted with adware. This section offers a closer look at each of these key threats.
Android banking Trojans
As of early 2021, there were 5.22 billion unique mobile users worldwide — and nearly 80% of them had used their mobile devices for online purchases.
In the U.S., 87% of Americans used a mobile device to check their bank balance in 2020. These numbers have paved the way for a new type of threat with the potential to affect individuals directly.
Although headlines in 2021 were focused on ransomware, Nokia’s Threat Intelligence lab noted a dramatic increase in the number of new banking Trojans targeting Android devices.
Banking Trojans are designed to steal banking credentials, credit card numbers and SMS messages (used to provide one-time passwords) for fraudulent purposes.
Much of this activity is currently focused in Europe and Latin America but is expected to spread continuously to other regions of the world.
Banking Trojans can arrive on smartphones in a variety of ways, often disguised as common and useful apps.
When run, they request a variety of permissions needed to perform their desired behaviour, then often remove their icon from the application pane, effectively disappearing from the device.
In many cases, the apps never provide the promised functionality that enticed the phone’s owner to install them and are forgotten quickly after disappearing.
However, they remain installed and continue to run as background tasks, using a variety of tricks to collect user information.
These may include capturing keystrokes, superimposing their own transparent overlays onto bank login screens, taking screenshots and even accessing Google Authenticator codes.
The following were the most notable banking Trojan families infecting Android phones in 2021:
• FluBot is typically disguised as a package tracking app from a major courier company. The user receives an SMS message indicating that a parcel is being delivered and is offered a download link to a bogus tracking app.
FluBot uses a domain name generation algorithm (DGA) to connect with its command and control server, which makes it difficult to sinkhole.
• TeaBot comes disguised as a video app (or other useful apps) to trick the user into installing it. When run, the app acts as a remote access Trojan, allowing its distributor to exercise considerable control over the infected device.
• BlackRock was first discovered in 2020 and is typically disguised as an Android or Google update, distributed through a third-party app store.
Like other banking Trojans, it uses login screen overlays and SMS message capture to acquire banking credentials, but it also tries to gather additional personal information from the phone and installed apps, including dating, shopping, lifestyle and productivity apps.
• Cerberus has been around since 2019 and is “leased” to malicious actors wishing to distribute it to collect banking credentials in their region. It operates similarly to other Android banking Trojans, but more modern versions also leverage TeamViewer to allow the author to gain remote access to the device.
• Mandrake is a highly sophisticated spyware package focused on gaining access to financial information and credentials.
This Android threat has been around for five years and has seen bug fixes and feature enhancements added to it over that time. Typically, Mandrake gets installed via a benign-looking dropper app in Google Play or a third-party app store.
Once installed, the dropper app installs Mandrake disguised as a system application, such as a firmware update.
• Banker.GXB may be disguised as a variety of useful tools, including power managers, storage cleaners, performance boosters and horoscope utilities, originally found in the Google Play store in 2018.
Like other banking Trojans, Banker.GXB impersonates legitimate banking applications and steals SMS messages. Unlike most banking apps, which never provide their promised functionality, Banker.GXB apps at least provide the appearance of performing their intended function to avoid suspicion.
How to deal with Android banking Trojans
Once a Trojan is installed and running on a phone, it can be difficult to remove it.
The original application may have disappeared from the application pane, but its icon can still be found using the app manager.
On older versions of the Android operating system, many banking Trojans will resist removal using various tricks such as sending the user to the desktop as soon as they select the malicious app in the app manager.
In these cases, the phone must first be booted in safe mode, then the app can be removed through the app manager.
A better strategy is to avoid getting infected in the first place. The easiest and most obvious form of prevention is to download apps only from official app stores. However, users who are still worried about using banking software on a mobile device can consider the following recommendations:
• Use a strong password and a password manager to help remember passwords. Don’t use details like birthdays, pets’ names or other easy-to-guess passwords.
• Set up and use multi-factor authentication. Most banking applications support multi-factor authentication. These features require hackers to obtain two pieces of data to get into or take over a bank account.
• Only use a banking app while on cellular data or a home Wi-Fi connection. Do not use public Wi-Fi for banking or other sensitive tasks, as hackers can easily intercept communications and harvest data.
Secure mobile app distribution
As of July 2021, Android devices accounted for 72.21% of all mobile devices.
iOS devices came in at 26.92% and all other mobile operating systems made up the remaining 0.81%. In 2020, more than 218 billion apps were downloaded worldwide.
The Apple App Store and Google Play store accounted for 143 billion of those downloads, meaning 75 billion downloads were from third-party sources.
While Google has taken an open approach to app development and distribution, Apple has always maintained a proprietary approach, allowing downloads only through the official App Store.
As a result, Apple products have generally been considered the most secure mobile computing platform. However, companies such as Cydia have been offering iPhone jail-breaking services since 2007, enabling device owners to download and install unsupported apps from anywhere.
Bypassing official app store defence mechanisms
Because of the risks of third-party apps, endpoint security teams have always advised users to download apps exclusively from official channels such as Google Play and the Apple App Store.
But this advice is often not enough as malware writers continue to come up with new ways to get rogue apps into these official stores undetected.
For example, it has recently been discovered that some developer accounts have been abused to register rogue apps and exploits such as script-based applications, leaving iOS devices open to downloading and installing rogue apps through official distribution.
The post Banking Malware Threats Rise over Mobile Banking Popularity –NOKIA appeared first on MarketForces Africa.
source https://dmarketforces.com/banking-malware-threats-rise-over-mobile-banking-popularity-nokia/