The explosive rise in mobile malware

Lelanie de Roubaix | 11 July 2018
Since one of the first known mobile viruses, Timofonica, was discovered in 2000, the mobile landscape has seen a staggering increase in both the number and the type of malware threats. The fraudsters behind them are often at the forefront of technological innovation, leading attacks that range from basic keylogging (for harvesting usernames and passwords) to sophisticated ransomware that demands payment from victims to regain access to their devices or accounts.

Naturally, the evolution of mobile malware has been influenced by shifts in the mobile device market. As cybersecurity company Kaspersky Lab points out, when Symbian and Nokia lost their leading market share to other devices and operating systems, the mobile malware landscape changed accordingly. While Microsoft’s Windows Mobile and RIM’s BlackBerry enjoyed brief periods of popularity – among users and fraudsters alike – Google’s Android has hogged the limelight for several years now. It is currently the most widely used operating system in the world, with around 73% of all smartphones running it. It is also the most attacked: G DATA reports that more than three million new Android malware samples were discovered in 2017. In 2011, this number was below four thousand.

In plain sight

Among the types of mobile malware that have seen the biggest increase in popularity, banking trojans stand out. In fact, they have been named as one of the most significant threats of the decade, and in the first quarter of 2018, banking trojans overtook ransomware as the top malicious payload distributed through email.

As the historical reference in their name suggests, trojans hide in plain sight. They pose as legitimate apps, in many cases banking apps. Once installed, they overlay the legitimate banking app’s interface, and when the user enters their credentials (username and password), the trojan harvests that information, allowing the fraudster to log into the user’s account and complete transactions.

Many mobile banking trojans are known for their sophistication, as a recent modification of the well-known mobile banking malware family Svpeng illustrates. A keylogger was added to the trojan’s capabilities, enabling it to steal text and exploit devices’ accessibility services by granting itself device permissions. When it was first detected in 2013, the Svpeng family was one of the first malware families to attack SMS banking, to use phishing pages to overlay other apps (including PayPal and eBay), and to use ransomware. It continues to evolve, exploiting vulnerabilities in browsers, operating systems, and banking apps in particular, making it one of the most dangerous mobile malware families out there.

Control and protect

While it is essential that banks be aware of the importance of app security, mobile malware does not typically target the banking app itself. Instead, it exploits user behavior and vulnerabilities in operating systems. So how can banks protect their users from these kinds of attacks?

The solution lies in establishing a secure communications channel between the bank’s server and the legitimate banking app on the customer’s mobile device, so that all messages sent to and received from that device are encrypted end-to-end – and therefore cannot be intercepted. By issuing each customer’s device with a unique identifier using digital certificate technology, the bank can ensure that it is communicating with that customer and not an imposter. Whenever the customer logs into their app or attempts to complete a sensitive transaction, the bank can push an encrypted authentication message directly to their device, and the customer responds by simply tapping Accept or Reject.

How does this protect the customer from a banking trojan posing as a legitimate banking app? It’s simple: if the app user receives a prompt asking them to confirm a login or transaction they themselves did not initiate, they can simply choose Reject, denying the fraudster access to their account. It's all about giving the user control at a crucial moment.
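The Go sketch below is an added example, not code from the original article or from Entersekt's product. It shows the server-side check behind the Accept/Reject prompt described above: an approval counts only if it is signed by the enrolled device's key and bound to the exact transaction shown to the user. It assumes an Ed25519 key pair created at enrolment stands in for the device's digital certificate; the field names, device ID and sample values are constructed, and encryption of the channel is out of scope.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Challenge is what the bank pushes to the enrolled device (hypothetical fields).
type Challenge struct {
	DeviceID string // unique identifier issued to the device at enrolment
	Nonce    string // fresh per request, so an old approval cannot be replayed
	Action   string // what the user is shown, e.g. "Pay 500.00 to ACME"
}

// digest binds the decision to every field of the challenge; %q quotes each
// field so two different challenges can never produce the same input.
func digest(c Challenge, decision string) []byte {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%q|%q|%q|%q", c.DeviceID, c.Nonce, c.Action, decision)))
	return sum[:]
}

// Respond runs on the device: it signs the user's decision with the device key.
func Respond(priv ed25519.PrivateKey, c Challenge, decision string) []byte {
	return ed25519.Sign(priv, digest(c, decision))
}

// Approved runs at the bank: true only for a valid "ACCEPT" signed by the
// key enrolled for this device, over this exact challenge.
func Approved(enrolled map[string]ed25519.PublicKey, c Challenge, sig []byte) bool {
	pub, ok := enrolled[c.DeviceID]
	return ok && ed25519.Verify(pub, digest(c, "ACCEPT"), sig)
}

// Demo returns: genuine accept, reject, accept reused for an altered
// transaction, accept signed by a key that was never enrolled.
func Demo() [4]bool {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed demo keys
	_, otherKey, _ := ed25519.GenerateKey(rand.Reader)
	enrolled := map[string]ed25519.PublicKey{"device-001": pub}
	c := Challenge{DeviceID: "device-001", Nonce: "n-7f3a", Action: "Pay 500.00 to ACME"}
	altered := Challenge{DeviceID: c.DeviceID, Nonce: c.Nonce, Action: "Pay 9500.00 to OTHER"}
	return [4]bool{
		Approved(enrolled, c, Respond(priv, c, "ACCEPT")),
		Approved(enrolled, c, Respond(priv, c, "REJECT")),
		Approved(enrolled, altered, Respond(priv, c, "ACCEPT")),
		Approved(enrolled, c, Respond(otherKey, c, "ACCEPT")),
	}
}
func main() { fmt.Println(Demo()) }
```

Only the first case is approved, which is why stolen usernames and passwords alone are not enough to complete the login or transaction.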

Download our white paper on securing the mobile banking channel, or see Entersekt’s take on mobile app security.

About the author

Lelanie de Roubaix

Marketing communications specialist
