It’s well-known in the information security community that mobile malware has grown exponentially the past few years. Now, there’s increasing evidence that criminals are looking for new ways to use such malware to target mobile banking. According to Kaspersky Labs’ latest report, mobile malware designed to steal bankcard information and funnel money from bank accounts increased by a factor of nearly 20 times in the past year.
Banking Trojans can steal sensitive information such as online log in credentials, bank account numbers, and passwords, which criminals then use to breach accounts.
Two recent examples of mobile and online banking Trojans demonstrate how quickly criminals are adopting this method of attack:
- RSA researchers recently found source code for a mobile Android banking app Trojan on sale for $5,000 in an underground forum. The app, dubbed iBanking, was used in conjunction with PC malware to get around security mechanisms used by banking websites.
- In another case, Bromium Lab researchers found compromised videos on YouTube’s ad network that were hosting the Styx exploit kit used to proliferate Caphaw, a banking Trojan.
Because mobile banking provides the easiest way for criminals to steal money, it provides the largest target for criminals. The graph below shows the number of mobile banking Trojans that the researchers have collected:
Infographic: Kaspersky Labs
According to Kaspersky Labs, the countries with the highest number of unique attacked users are Russia (40%), India (8%), Vietnam (4%), Ukraine (4%) and the UK (3%). However, mobile malware targeting banking specifically is expected to grow in other countries this year.
wired read 