Malicious Mobile Banking Apps: The Future of Cybercrime?

Scams trying to obtain bank details from members of the public are nothing new – from phishing emails, to fake warnings about false charges or stolen cards that require bank details to be entered to solve an ‘issue’, or keystroke loggers. The Citadel Botnet, part of the disputed (by the security industry) takedown by Microsoft has resurfaced (as predicted by the security industry) with 20,000 Japanese victims at least this week !(

Cybercriminals have been thinking up numerous ways to try and gain access to those precious numbers since internet and mobile banking was invented. Recently, it would seem that attention has turned to the latest technological platform that banks are employing to try and make customers’ lives easier – mobile banking apps, with security experts picking up on a worrying trend of fake versions of these apps being used in scams.

So, how does it work? Well, in order to try and combat security issues with mobile banking apps banks now send an SMS to customers when they want to log in, in addition to username and password details for the app. In response, scammers have created their own malware that can steal the code in the SMS. This issue was uncovered by the security giant McAfee when they found two malware programmes affecting the Android mobile phone, which together were replacing the official bank apps on the phone and sending all the information that a user typed into them, including the SMS codes, straight back to the cybercriminals.

The same McAfee research found some 30,000 malicious mobile apps active in the first half of this year, indicating that this is becoming a serious growth area for cybercriminals and hackers. The malicious apps were mostly targeted at Google’s Android phones and predominantly originated from unofficial app sites, for example, those abroad which were much more likely to be used by phone owners looking for app sites in their native language, rather than in English. However, with Google Play also experiencing some malware infestations recently (, experts believe that this is just the beginning and it’s only a matter of time before we hear more stories of malicious apps managing to penetrate official app stores.

If you are concerned about online security ITC offers highly experienced managed security services. From network monitoring, to infrastructure and security management, we can provide a tailored service that delivers improved security and peace of mind – see our website for more information or email [email protected]