Researchers detected a new Android Trojan called Gustuff that is capable of targeting more than 100 mobile banking apps.
In this first article of a two-part series, IBM X-Force exposes some of its research on the typical malware and tactics, techniques and procedures (TTPs) used in Brazilian financial cybercrime.
In July 2018, Researches reported three fake Android banking apps that phished for users' credit card details and leaked them online by transferring them to an exposed server.
IBM X-Force reported that mobile malware developers uploaded at least 10 malicious downloader apps to the Google Play Store as the first step in a process that fetches BankBot Anubis.
The mobile revolution has made it simpler and faster for banking customers to conduct financial transactions, but it has also expanded the attack surface for fraudsters aiming to steal sensitive data.
Open Banking: Tremendous Opportunity for Consumers, New Security Challenges for Financial Institutions
New security standards around open banking focus on multifactor authentication and monitoring of transactions but largely ignore device security.
Open banking promises to make financial services apps more convenient, but there's still a lot of confusion about how financial firms will protect customer data from rogue third parties.
Simple security best practices can go a long way toward securing mobile transactions and payments for both consumers and service providers.
Although mobile payments are more convenient and arguably more secure than carrying physical credit cards, both retailers and consumers remain wary.
Financial companies that provide mobile services need advanced malware detection tools and threat intelligence to protect customers from financial fraud.