Banking malware is one of the biggest threats possible for mobile devices. Unsuspecting smartphone users have fallen victim to devious attacks from malware masquerading as something more innocuous, sometimes leading to their personal and financial information being leaked. It's for this reason that banking trojans are among the most dangerous of malicious programs.
Let's take a look at some recent incarnations of banking trojans and see how they can affect organizations and individuals alike:
Svpeng will steal your financial data
Business Insider contributor Rob Price recently reported on a banking malware scheme that's being distributed through Google's advertising network AdSense. This network, which is the single biggest ad network in the world, is used by countless organizations for their websites in order to generate ads, and the fact that it's currently the distribution vehicle for a malicious program like this banking trojan is especially troublesome. Unknowing users are clicking on these ads, which leads to the trojan being downloaded onto their mobile devices without their authorization.
Once installed, the mobile malware, called Svpeng, hides out in the list of phone applications. It steals financial data and spies on users more generally, gleaning information like call history, text messages and multimedia messages. In order to make sure you don't fall victim to this strain of malware, it's critical to stay on top of your phone's security settings.
"There are ways to avoid being infected," Price wrote. "If users have their security settings set so their phone won't run apps from unknown sources, their devices won't be compromised. By default, Android won't run unknown apps – but it is sometimes necessary to change these settings (to install apps from third-party app stores, for example) – putting the phone at risk."
In other words, it's important be wary of third-party apps downloaded from the app store – and not just because those apps in particular may be compromised. The requirement of shutting down security settings may trigger an infection from an app that's already on your device.
Malicious ads seen elsewhere
This isn't the first time Svpeng has been in the news, or that ads have been the vehicle for malware. In 2014, Bank Info Security contributor Tracy Kitten reported an earlier incidence of Svpeng, which took the form of ransomware that conducted targeted attacks on financial institutions in Europe. SC Magazine senior reporter Adam Greenberg noted that the alleged creator of this malware was arrested in Russia in 2015, but Svpeng's recent resurgence shows how resilient malware can be.
In addition, Forbes found in late 2015 that a small portion of its ads were serving malware to unsuspecting readers of the site. The organization was able to discover and shut down all of the offending ads, but not before they inflicted damage over a span of around seven days. The ads were launched on only eight pages, most of which contained older stories. This incident is indicative of how trivial malware and adware can be and yet still cause worry for the targeted organizations.
Previous woes: PayPal, GozNym
This isn't the first time banking malware has been in the news. Trend Micro researchers also discovered a strain of Android malware hiding behind the mask of a PayPal app update in late 2015. Spam emails were sent to German users requesting they download an important PayPal upgrade to their phones, with the links in the emails leading to a mobile banking trojan that targeted financial institutions.
The list of banking malware goes on. One of the most well-known culprits of the banking malware family is the GozNym malware discovered earlier this year. According to Fortune contributor Clay Dillow, the malicious program had stolen nearly $4 million from Canadian and U.S. banks at the beginning of April. It is a combination of two previously potent malware strains, Nymaim and Gozi, which came together to form a two-headed program when Nymaim began to download the Gozi trojan to infect banking systems.
This malware wormed its way into banking systems by using a tried-and-true method: phishing.
"The most common infection method we observed used with GozNym is a three-step process that begins with phishing emails containing poisoned Word documents," Security Intelligence contributor Lior Keshet wrote. "In the campaigns studied by X-Force researchers, malicious macros in the documents executed a Pony Stealer malware variant, which in turn downloaded and executed the GozNym installer/loader."
These are only a few examples of banking malware lurking on websites and looking to infect mobile devices, as well as hardwired computers on company networks. In a world where banking Trojans masquerade as legitimate applications on the app store, organizations and consumers need to remain diligent. Investing in effective cyber security software is one way to ensure their personal banking information stays out of the hands of hackers and their money remains safe.
