Mobile Banking Malware: What to Know & What to Do

August 23, 2018

Mobile banking malware is on the rise. According to international cyber security provider Kaspersky, malware installation packages increased by more than 421,000 in quarter two of 2018. This coincides with the tremendous increase in mobile banking app downloads which reached more than 61,000 in quarter two

Why does this matter? Because credit unions and banks with less than $35 million in assets accounted for more than 80% of hacking and malware breaches in 2016. The consequences of such attacks cost credit unions over $5 million on average along with severe damage to their reputation.

Why are Credit Unions At Risk?

Although the entire financial industry ranks in the top five for most targeted malware attacks, credit unions have an even greater risk. Why? It all comes down to resources. With most credit unions averaging around 50 employees, these financial institutions face the same security threats but less time, money and manpower to combat the growing problem compared to big commercial banks.

Effective mobile security requires both proactive and reactive strategies. There has to be strategies in place to prevent attacks from happening, such as monitoring and virus protection, as well as strategies to mitigate damage if an attack does happen, such as disaster recovery. Achieving these is no small feat, that’s why there's a whole field dedicated to managed IT security services.

What Are the Types of Mobile Malware?

By 2020, over two billion mobile phone users are predicted to use mobile banking. That gives bad players plenty of opportunities to subvert, harm and scare consumers away from trusting the security of financial institutions. These are forms of mobile malware to watch out for:

Spyware

As its name so aptly states, spyware uses your mobile connection to spy on your mobile habits, secretly gathering personal data. By deceiving users into thinking they've downloaded the real banking app or infecting the actual app, spyware can collect browser history, contacts, location, device ID and more. The malware then delivers the information to third parties for use in attacks.

Adware

In some cases, spyware evolves into adware, which happens when the third party is a rogue advertising data firm that then uses the data to target you with unwanted ads (think continuous pop-ups). Once you click on the ad, your device is subjected to further malicious downloads or installations.

Ransomware

Ransom holding has moved to the mobile sphere. Now, they're holding your important personal information in exchange for money. This malicious type of attack is especially dangerous with mobile banking apps because they can control your accounts and block you from access until a payment (hundreds to thousands of dollars) is made. This attack is often carried out through email and phishing scams.

A Real-Life Example - Marcher Malware

Marcher, a type of malware first deployed in March of 2013, is a constantly-evolving threat to financial institutions. Its most recent evolution combines phishing and Trojans to gain access to users' bank accounts to steal their banking information.

Specifically targeting Android devices, Marcher uses a fake email link to direct users to a page where they're prompted to enter their bank login information, email address and phone number.  After using that contact information to force users to download the fake banking app, Marcher deploys credit card phishing and other scams to gain access to your personal information.

What Should You Do?

To protect your company and your consumers, it's critical to plan, educate and train against mobile malware attacks. Security should be a top priority, and there are actionable steps to take to guard yourself against malicious intent.

1. Security Awareness Training: train your employees and consumers on how to spot and avoid possible malware attacks. Teach them to be wary of attachments, unknown contacts and suspicious links. 

2. Trusted Sources: be aware of who or where you're downloading apps from. Ensure you always use a trusted and verified source like the Google Play store or Apple App Store to avoid possible scams.

3. Antivirus Protection: install antivirus and anti-spam programs onto your phone for added security. As with any protection software, make sure it's always updated and regularly used to catch attacks before they happen. 

4. MSP Support: work with a reliable and knowledgeable IT solutions company that has the resources to protect you from mobile malware attacks. Managed service providers have the expertise and manpower to truly safeguard your consumers' confidential information so you can focus on your core services.

MSPs provide clients with a higher level of service by providing a superior approach to IT. They offer businesses proactive, immediate and regular support to correct potential issues and resolve them before major damage occurs. Learn more about the benefits between MSPs and you.

Mobile malware is a serious threat, but with the right knowledge, effective tools and strong IT support, you can protect your consumers and preserve your reputation.

Take the first step to IT security. iVenture Solutions is an award-winning managed service provider delivering superior IT solutions to clients across Florida. As a leading-edge IT firm for small and medium-sized businesses, we provide a diverse range of services covering the entire scope of IT including maintenance, support, hosting and more. Through rapid response time, reduction of chaos and the right people, our expert team of IT professionals will fulfill your technology needs. At iVenture, we give you more time to do what matters most. 

Help My IT

How can iVenture help your company?