Banking malware threats are sharply increasing as cybercriminals target the rising popularity of mobile banking on smartphones, with plots aimed at stealing personal banking credentials and credit card information, says a report.
The Nokia 2021 Threat Intelligence Report, based on data aggregated from network traffic monitored on more than 200 million devices globally where Nokia’s NetGuard Endpoint Security product is deployed, showed an 80% year-on-year increase in the first half of the year in the number of new banking trojans, which also try to steal SMS messages containing one-time passwords.
Kevin McNamee, director of Nokia’s Threat Intelligence Center, says, “Cybersecurity threats only evolve and look for new opportunities, as shown by this year’s report. Banking trojans have dramatically increased over the last year as digital banking becomes more prevalent - and this is a trend we see continuing which reinforces the need for better online practices and having robust endpoint security in place.”
According to the report, a significant amount of this activity is focused in Europe and Latin America, but it is continuously spreading to other regions of the world.
Banking trojans use a variety of tricks to collect information. These include capturing keystrokes, overlaying bank login screens with their own transparent overlay that relays captured data to the intended target, taking screen snapshots, and even accessing Google Authenticator codes.
For years, banking malware has been targeted mainly at Android phones, the most targeted mobile device type for cybercriminals due to Android’s ubiquity and developer openness, with some banking Trojans among the most successful malware attacks in 2021.
The Threat Intelligence Report says that most banking applications allow users to add a multi-factor authentication feature to their accounts to make it more difficult for cybercriminals to obtain personal information.
Nokia says users are strongly recommended to avoid mobile banking from easily accessible public Wi-Fi access points, and to use both multi-factor authentication, when available, and robust passwords that avoid common personal details like birthdays.
The report also found that COVID-19 related malware incidents in residential networks have levelled off at 2.5% after a peak in December 2020 of 3.2%. This demonstrates that people are more aware of the threats posed by COVID-related cyber-attacks and are taking steps to secure their home working environment, it says.
According to the report, a large number of samples associated with a given piece of malware points to the effectiveness of criminal organisations’ distribution campaigns.
Phishing and spam emails remain the most common methods for distributing malware.
Malware may also be downloaded by rogue applications and distributed as part of libraries widely used in application development.
A prolific malware may also indicate that the author is making a serious attempt to evade detection by anti-virus products. The report points out that many common forms of malware, including viruses, worms, bots, Trojans and keyloggers, can be polymorphic, constantly changing their identifiable features to make detection more difficult.
Last year, ransomware and cryptocurrency miners were the dominant malware, with almost 18% of all samples collected associated with cryptocurrency mining. This year’s trend is more typical, dominated by Trojans and downloaders.
According to the report, internet of things (IoT) botnets, networks of devices connected with malware, continue to grow in size and sophistication due to the rising use of IoT devices, like ‘smart’ refrigerators and video surveillance cameras.
“One known as Mozi, which uses a peer-to-peer command and control protocol, has been used to create botnets consisting of around 500,000 individual devices. Mozi actively scans the network and uses a suite of known vulnerabilities to exploit additional IoT devices,” the report says.
IoT botnets are responsible for 32% of the malware incidents detected by Nokia’s NetGuard Endpoint Security.
Nokia says, “The introduction of 5G and multiaccess edge computing will introduce more IoT devices and further open up the attack surface. The best defence for network operators is active monitoring for the malware activity and automated response to eliminate or minimise the damage.”
How to deal with Android banking Trojans
A better strategy is to avoid getting infected in the first place. The easiest and most obvious form of prevention is to download apps only from official app stores. However, users who are still worried about using banking software on a mobile device can consider the following recommendations:
• Use a strong password and a password manager to help remember passwords. Don’t use details like birthdays, pets’ names or other easy-to-guess passwords.
• Set up and use multi-factor authentication. Most banking applications support multi-factor authentication. These features require hackers to obtain two pieces of data to get into or take over a bank account.
• Only use a banking app while on cellular data or a home Wi-Fi connection. Do not use public Wi-Fi for banking or other sensitive tasks, as hackers can easily intercept communications and harvest data.