Consumers around the world that use mobile banking apps are at a greater risk of being tricked by cybercriminals and falling victim to mobile banking Trojans. This is according to new global research from Avast, which asked almost 40,000 consumers in 12 countries around the world to compare the authenticity of official and counterfeit banking application interfaces.
Globally, 58% of respondents identified the official mobile banking app interface as fraudulent while 36% mistook the fake interface for the real one. In Spain, the results were similar at 67% and 27% respectively, compared to 40% and 42% in the US.
The findings highlight the level of sophistication and accuracy applied by cybercriminals to create trusted copies designed to spy on users, collect their bank login details, and steal their money.
Avast has detected a number of mobile banking Trojans in recent months – a privacy and security threat that is on the rise. The banks targeted by cybercriminals and under the microscope in the survey include Citibank, Wells Fargo, Santander, HSBC, ING, Chase, Bank of Scotland and Sberbank.
Despite having strict security measures and safeguards in place, the large customer bases of each bank make them attractive targets for cybercriminals to develop fake apps that can mimic their official apps.
In November last year, Avast’s Threat Labs Mobile team discovered a new strain of the BankBot Trojan in Google Play targeting consumers’ bank login details. Avast analyzed the threat in collaboration with ESET and SfyLabs.
This latest variant was concealed in supposedly trustworthy flashlight and Solitaire apps. Once downloaded, the malware would initiate and target the apps of large blue chip banks. If a user opened the banking application, the malware would create a fake overlay on top of the genuine app with the goal of collecting the customer’s banking details and sending them on to the attacker.
“We are seeing a steady increase in the number of malicious applications for Android devices that are able to bypass security checks on popular app stores and make their way onto consumers’ phones. Often, they pose as gaming and lifestyle apps and use social engineering tactics to trick users into downloading them,” says Gagan Singh, Senior Vice President and General Manager of Mobile at Avast.
“More often than not, consumers can rely on trusted app stores like Google Play and Apple’s App Store to download applications, but extra vigilance is also advised. It’s important to confirm that the banking app you are using is the verified version. If the interface looks unfamiliar or out of place, double-check with the bank’s customer service team. Also use two-factor authentication if it’s available and make sure you have a strong antivirus for Android installed to detect and protect you from money-grabbing malware.”
The survey also found that consumers across the globe are more concerned about having money stolen from their checking accounts than losing a wallet or purse or having their social media accounts hacked and their personal messages read. Globally, 72% of respondents voiced financial loss as their primary concern. In Spain, 85% of consumers said the same and 71% in the US.
Roughly two in five (43%) survey respondents worldwide said they use mobile banking apps. In both Spain and the US, almost half (46%) said they were active users. Of the respondents that don’t bank via smartphone or tablet, almost one third (30%) pointed to a lack of security as the leading concern. This concern was shared by 21% of the respondents in Spain and 36% in the US.