Lookout Life
Endpoint Security

December 19, 2018

min read

Mobile Banking Continues to be Primary Target for Trojan Attacks

Mobile banking apps are increasingly the primary method for customers to manage their finances, enabling transfer of funds, deposit checks, as well as pay bills. The convenience of mobile banking is driving massive adoption among users, with 15% of customers primarily banking thru a mobile app. This adoption is only going to increase, as millennials continue to use their smartphones as wallets. In fact, 68% of millennials see smartphones replacing their wallet.1 Unfortunately, this trend has not gone unnoticed by cyber criminals. Lookout continues to see advanced trojans targeting mobile banking users resulting in customer data compromise and fraudulent transactions. In May, RSA found that the growth of fraud transactions originating from mobile apps increased over 600 percent in three years, from 5% in 2015 to 39% in 2018.

Just this month, ESET researchers discovered a new Android trojan that targets the official Paypal app. Masquerading as a battery optimization tool, the Trojan takes advantage of Android Accessibility services, which allows the app to attack users even when they have two-factor authentication enabled with their Paypal account. While this malware has very limited reach in third party app stores and requires specific app permissions, it’s an example of how common approaches like multi-factor authentication (MFA) are not always enough to protect against trojans targeting mobile banking apps.

Overlay attacks on financial institutions have increased significantly this year. In Feb 2018, Lookout researchers uncovered 7,700 samples of BancaMarStealer -- targeting over 60 financial institutions globally. It was first spotted nearly five years ago, but today, the malware family is stronger than ever.

BancaMarStealer overlays that convincingly imitate login of major financial institutions

How the latest trojan works

The goal is to trick users to log into valid mobile banking apps that enables the immediate theft of credentials, with the goal of creating fraudulent financial transactions. By executing an overlay attack, the malware presents a foreground lock screen and blocks the user from tapping ‘back’ or ‘home’. This allows takeover of a legitimate session and impersonation of the victim executing fraudulent financial transactions without setting off any immediate red flags.

Strong authentication/MFA isn’t enough

There is growing reliance on multi-factor authentication (MFA), which is often presented as the gold standard for securing access to key applications on mobile devices. However, MFA does not check the security of apps installed, device firmware, or network connections, so it does not provide adequate protection in the case of mobile malware - particularly trojan attacks. Even with MFA enabled, without the ability to detect and remediate malware on a device, mobile banking apps are still at risk even when strong authentication is in place.

How Lookout protects mobile banking apps

Lookout App Defense SDK -- a lightweight, easy to use library for Android & iOS -- detects app, device and network based threats that can lead to account takeover and customer data compromise via your mobile app. It supports real time authentication in order to detect, protect, and remediate against trojan attacks on mobile applications. Armed with a dataset of over 70M apps, Lookout cloud based app detection engine can identify various types of malware (advanced overlay attack trojans, bots, spyware, exploits, surveillanceware, and more) using predictive behavior and binary similarity analysis for apps on a user’s device. Upon detection the banking application can be enabled for various remediation actions based on the severity of the threat--including blocking authentication, read-only, or preventing access to sensitive customer data.

App Defense SDK also leverages security telemetry from Lookout global sensor network of 170M devices, to identify any anomalies that may be present on a device running the banking app. Only Lookout has the massive dataset required to take advantage of machine learning at scale, providing early visibility into new mobile threats and protecting your customers in real-time.

With only a few lines of code, integrate Lookout App Defense SDK into your apps to leverage the power of the Lookout Security Cloud.  

To learn more about protecting your mobile apps, visit here.  

1. PwC 2018 Digital Banking Consumer Survey: