Account Takeover Fraud , Card Not Present Fraud , Fraud Management & Cybercrime

FBI Warns Of Increasing Use of Trojans in Banking Apps

Fraudsters Eye Increase in Customers' Use of Mobile Banking, Bureau Warns
FBI Warns Of Increasing Use of Trojans in Banking Apps

The FBI is warning that cybercriminals and fraudsters are increasingly targeting mobile banking apps with malware in order to steal credentials and conduct account takeover attacks.

See Also: Webinar | Everything You Can Do to Fight Social Engineering and Phishing

In a public alert published Wednesday, the FBI's Internet Crime Complaint Center warns that fraudsters have increasingly used malicious apps as the COVID-19 pandemic has driven an increasing number of customers to turn toward mobile apps for their banking needs.

"Americans are increasingly using their mobile devices to conduct banking activities such as cashing checks and transferring funds," the FBI notes. "As the public increases its use of mobile banking apps, partially due to increased time at home, the FBI anticipates cyber threat actors will exploit these platforms."

As a result of this shift in banking, fraudsters and cybercriminals are increasingly deploying malware, such as Trojans, as well as fake apps in an effort to steal credentials and conduct account takeover attacks, according to the FBI.

The alert further warns that attacks using these means are likely to surge in coming days as more customers switch to banking apps as work-from-home situations continue (see: Analysis: The Long-Term Implications of 'Work From Home').

Banking Apps and Trojans

The FBI alert notes that fraudsters are increasingly using Trojans to target banking customers by disguising the malware as legitimate apps, games or other tools. When a mobile banking customer attempts to launch the malicious app, the dormant Trojan is triggered and prompts a fake login page that overlays the legitimate app for credential stealing.

Cybercriminals and fraudsters are also using fake apps that impersonate the real banking apps to target their victims. "These apps provide an error message after the attempted login and will use smartphone permission requests to obtain and bypass security codes texted to users," the FBI notes.

In addition to the fake banking apps and Trojans that the FBI notes, fraudsters are also relying on mobile phishing campaigns to target banking customers, says Chris Hazelton, director of security solutions at the security firm Lookout.

"We recently discovered a phishing campaign targeting customers via SMS messaging to lure them to fake websites of well-known Canadian and American banks," Hazelton tells Information Security Media Group. "Lookout identified more than 200 phishing pages that were part of this campaign, and has notified all banks affected."

Kacey Clark, a threat researcher at security firm Digital Shadows, notes that besides stealing credentials and taking over accounts, attackers can use Trojans as a dropper for installing spyware in order to gather more information on the mobile device and its user.

"Once installed on a device, spyware can remain undetected while managing and accessing everything on a victim's device including sensitive information such as the target device's camera and microphone, text messages, passwords, contact lists, stored or typed payment card details and geo-location," Clark says.

Despite the FBI warning, Chris Pierson, CEO of cybersecurity firm BlackCloak, believes that some mobile apps are better designed for security compared to their older, desktop counterparts.

"The message title could be better stated as there is no new risk created from the use of a mobile app and in fact these apps could be more secure on a hardened mobile platform given advances in certificate pinning than through a website on a computer," Pierson tells ISMG.

The alert, however, does serve as a reminder that taking simple steps, such as using two-factor authentication, can reduce some of these types of security threats.

Other Alerts

Since the World Health Organization declared COVID-19 a pandemic in March, the FBI has been issuing more public warnings about various cyber threats.

In April, for example, the FBI issued an alert warning that nation-state hackers have increasingly started to target American medical research facilities and healthcare organizations that are conducting research on COVID-19 (see: FBI: Hackers Targeting US COVID-19 Research Facilities ).

In another alert, the bureau warned that certain fraudsters are using the pandemic to deploy business email compromise schemes designed to steal money from state agencies and healthcare providers that are buying medical equipment and supplies to combat the COVID-19 pandemic (see: FBI: Fraudsters Targeting Medical Equipment Purchasers).

Managing Editor Scott Ferguson contributed to this report.

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.