US security company, RiskIQ, recently conducted an in-depth analysis of more than 350,000 Android-based mobile applications relating to banking; of those, over 40,000 apps have been labeled suspicious because they were either confirmed as containing Malware, flagged as containing suspicious binary signatures referenced from seventy Anti Virus vendors, and half have signatures consistent with “mobile-based Trojan signatures”.
“Branded” malicious mobile banking apps come in the form of compromised versions of official mobile apps or mobile apps wrapped in branding and they imitate functionality consistent with a given brand; they have been pre-installed with Malware or data-stealing permissions.
Of the 40,000 suspicious applications, RiskIQ found –
- thousands of applications with data-capturing permissions pre-loaded and activated upon installation
- almost 5,000 apps capable of reading SMS messages
- over 8,000 capable of recording audio
- roughly 4,000 which could disable the key-lock on the phone
- and thousands of others with various additional permissions
The data suggests that mobile banking has become a major target for Malware
Ensure that your mobile banking app is from a reputable source (i.e. your bank)
Information taken from and accredited to RiskIQ website