
The murky waters of Android banking malware


Banking malware continued to plague the Android platform throughout 2018, with cybercrooks relentlessly targeting users with banking trojans and fake banking apps, but also experimenting with new money-stealing techniques.

To help users navigate the tricky and expanding landscape of Android threats, Lukáš Štefanko, a malware researcher at ESET, sheds light on the most prevalent types, tactics and techniques of today’s Android banking malware in his white paper, “Android banking malware: Sophisticated Trojans vs. Fake banking apps”.

Cybercriminals use many different tricks, techniques and distribution methods, but their banking malware can ultimately be divided into two broad groups – as the title of the white paper suggests. The distinction, however, might not be so clear to regular Android users.

If users know what they are up against they have a better chance of staying safe. The two categories might seek the same goal – stealing credentials for, or money from, their victims’ bank accounts – but their strategies for achieving that goal are very different. And that means that the way to prevent or remove threats will also be different for each category.

Banking Trojans are devious – they try to make users install them by pretending to be something fun or useful, but totally harmless. Think games, battery managers and power boosters, weather apps, video players and so on. They then try to keep users in the dark while they collect the rights and permissions needed for their grand finale. Then, when users least expect it, they slide a fake login screen over a legitimate banking app and steal the entered data. Victims might not be aware of anything happening until they find out that money has disappeared from their accounts.

Fake banking apps are much simpler – they go all in on trying to convince users they are legitimate banking apps. Once installed and launched, they lead with a login form, just like a real banking app would. And, as you probably already guessed, the credentials submitted into the form are harvested. Victims usually realise immediately what happened, as the app reveals itself by having no further banking app functionality.

What counts is how many of the users who install malware actually fall victim – and the odds are high with fake banking apps. This is because users install these apps believing they are installing an actual banking app, which makes them willing to enter credentials upon seeing a login screen.

From a technical point of view, banking Trojans are more robust and increasingly hybrid-like. This means their capabilities go beyond just phishing for banking credentials; they could, for example, have some spying functions or ransomware-like capabilities. However, if we’re talking about the danger of getting one’s banking credentials stolen, then fake banking apps are just as dangerous.

There are three principles in steering clear of Android banking malware:

* First, stay away from unofficial app stores, if possible, and always keep “installation of apps from unknown stores” disabled on your device.

* Second, pay close attention to the app’s reputation on Google Play, and continue paying attention to its behaviour after it’s installed. Negative reviews and permissions that aren’t connected to the app’s function are the biggest red flags.

* Finally, only ever download banking and other finance apps if they are linked on the official website of the bank or financial service.

This approach – specifically looking for apps you need rather than installing apps you “happen to stumble upon” – may be the way to avoid malware altogether.
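
For analysts who want to apply the second principle to an app before it is installed, the following added example (not taken from the white paper or from IT-Online) compares the permissions declared in a decoded AndroidManifest.xml with what an app of its advertised type plausibly needs. The sample manifest, the per-category baseline and the list of sensitive permissions are constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumption: permissions an app of each advertised type plausibly needs.
EXPECTED = {
    "weather": {P + "INTERNET", P + "ACCESS_COARSE_LOCATION"},
    "video_player": {P + "INTERNET", P + "READ_EXTERNAL_STORAGE"},
}
# Assumption: permissions that deserve a closer look, and what each allows.
SENSITIVE = {
    P + "SYSTEM_ALERT_WINDOW": "can draw over other apps",
    P + "BIND_ACCESSIBILITY_SERVICE": "offers an accessibility service",
    P + "BIND_DEVICE_ADMIN": "offers a device administrator (can lock device)",
    P + "READ_SMS": "can read text messages",
}

# Constructed sample: decoded manifest of a hypothetical "weather" app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".Helper"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>
"""

def declared_permissions(manifest_xml):
    """Collect requested permissions and those guarding services/receivers."""
    perms = set()
    for el in ET.fromstring(manifest_xml.strip()).iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = el.get(ANDROID + "name")
        elif el.tag in ("service", "receiver"):
            name = el.get(ANDROID + "permission")
        else:
            continue
        if name:
            perms.add(name)
    return perms

def audit(manifest_xml, category):
    """Return (permission, reason) pairs beyond the baseline, sensitive first."""
    extra = declared_permissions(manifest_xml) - EXPECTED.get(category, set())
    findings = [(p, SENSITIVE.get(p, "unrelated to advertised function")) for p in extra]
    return sorted(findings, key=lambda f: (f[0] not in SENSITIVE, f[0]))
```

A finding is a prompt for closer review rather than proof of malice, since legitimate apps also use these permissions.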

The post The murky waters of Android banking malware appeared first on IT-Online.

