Bank robbers no longer need to wear masks and carry guns to steal money from a bank. Today we have digital bank robbers who use software to remotely breach your financial apps.
Financial service providers also find themselves in a dilemma: their mobile apps need to be user-friendly and simple to use, but this also means hackers will find it easier to breach them. They have to choose between form and function.
Hackers use information from your social media pages, such as photos, shared locations, dates, posts, and people tagged, to piece together a social engineering attack on you.
Ways You Can Be Hacked
Trojan apps are apps that are harmful but appear safe and legitimate. Trojans that mimic mobile apps were first discovered spreading through Bluetooth in 2004.
Hackers select simple apps such as calculators, and build the Trojan version. This is because they know you may not scrutinize the app since it's 'just a calculator'.
However, when you check the data consumption of the 'calculator', you realize it is consuming a lot of data, meaning it is performing secret activities in the background and stealing information.
The hackers will also send periodic updates containing even stronger variants of the virus to the fake app, which wreak more havoc on your device.
Today hackers design Trojans to attack investment apps and banking apps. According to a mobile banking heists report by Zimperium, 10 Trojan variants have been discovered, namely:
| TROJAN NAME | MODE OF DISSEMINATION | DAMAGE CAPABILITY |
| --- | --- | --- |
| BianLian | Google Play Store | 1. Preinstalled fake login page overlay of financial apps 2. SMS interception 3. Can lock your device 4. Can pretend to be a normal app when Google Protect is scanning |
| Cabassous | SMS messages | 1. Preinstalled fake login page overlay of some financial apps 2. Hides the app icon 3. Disables Google Play Protect |
| Coper | Google Play Store | 1. Preinstalled fake login page overlay of financial apps 2. Avoids battery optimization so it's always active |
| EventBot | 3rd party app stores | 1. Preinstalled fake login page overlay of financial apps 2. Bypasses 2FA 3. Steals passwords 4. App icon resembles MS Word and other popular apps |
| ExobotCompact.D/Octo | SMS messages | 1. Preinstalled fake login page overlay of financial apps 2. Updates itself |
| FluBot | SMS messages | 1. Preinstalled fake login page overlay of financial apps 2. Can manipulate your push notifications and edit the content |
| Medusa | Google Play Store | 1. Contains key logger 2. Steals from your clipboard 3. Takes screenshots 4. Automatic money transfer |
| SharkBot | Google Play Store | 1. Preinstalled fake login page overlay of financial apps 2. Changes recipient account number when you are sending money out 3. Hides app icon 4. Anti-delete feature |
| TeaBot | Google Play Store | 1. Checks which bank app you use and informs the hacker, who then deploys a specially designed fake login page 2. Sends data to hacker every 10 seconds 3. Key logger |
| Xenomorph | Google Play Store | 1. Preinstalled fake login page overlay of financial apps 2. Bypasses 2FA 3. Invites more malware in |
The Trojan apps could also land on your phone disguised as SMS messages from logistics companies like FedEx, asking you to download a tracking app to monitor a package that was sent to you.
Once you click on the link and download the app, the Trojan is installed, and it comes with preinstalled copycat login pages of financial apps.
If you have the original version of one of the financial apps and you attempt to log in, the fake login page is deployed instead and your password and other data are stolen.
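The behaviours in the table above leave traces in what an app asks Android for, which is why a 'calculator' that wants SMS access deserves a second look. The following is an added example, not code from the Zimperium report or from this article: a small triage function that reads a decoded AndroidManifest.xml and reports which of those behaviours the app is equipped for. The sample manifest and the package name `com.example.calc` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Android permission names mapped to behaviours listed in the table above.
RISKY = {
    "android.permission.SYSTEM_ALERT_WINDOW": "draws over other apps (fake login overlay)",
    "android.permission.RECEIVE_SMS": "intercepts incoming SMS (2FA codes)",
    "android.permission.READ_SMS": "reads stored SMS (2FA codes)",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "asks to stay active in the background",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can prompt to install further apps",
}

# Constructed sample: decoded manifest of a hypothetical 'calculator' app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.calc">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <activity android:name=".Main"/>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""


def triage(manifest_xml):
    """Return a list of human-readable warnings for one decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = [p.get(ANDROID + "name") for p in root.iter("uses-permission")]
    findings = [RISKY[n] for n in names if n in RISKY]
    # An accessibility service can read the screen and observe typed text.
    if any(s.get(ANDROID + "permission") == ACCESSIBILITY for s in root.iter("service")):
        findings.append("declares an accessibility service (screen reading, key logging)")
    # Without a LAUNCHER category the app shows no icon in the app drawer.
    launcher = "android.intent.category.LAUNCHER"
    if not any(c.get(ANDROID + "name") == launcher for c in root.iter("category")):
        findings.append("declares no launcher icon (hidden from the app drawer)")
    return findings


if __name__ == "__main__":
    for warning in triage(SAMPLE_MANIFEST):
        print("WARNING:", warning)
```

A finding is a reason to look closer, not proof of malice: some legitimate apps request these permissions too.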
The mobile banking heists report also investigated 639 financial apps which run on the Android platform and are available on the Google Play Store. The following were discovered:
In phishing, hackers send messages pretending to be genuine persons. The message is crafted to mimic that of a trusted sender.
The hacker starts by selecting a target group, then collects background information about them through their social media or any other online platform.
He/She then uses this info to design a fake message claiming to come from a legitimate organization. The messages usually contain malicious links that redirect you to fake login pages, where your password is stolen.
The hacker can then use the details to log in to your email or access your banking logins. Some hackers are even using deepfakes to target unsuspecting users by impersonating someone.
To breach your finance app, if the hacker already has your password, he has to bypass two-factor authentication (2FA), so he needs to get control of your SIM card.
He contacts your network provider and claims his SIM is lost. He then provides information about you, usually obtained from social media platforms, to verify his claim.
With this the hacker can successfully trick your network provider into linking your phone number to a new SIM card in his possession.
2FA codes are sent to the new SIM card, so he can use the combination of your password and the code sent to your SIM to log in to your finance apps and steal money.
Rather than transfer stolen funds from your account to another account, which can be traced, hackers could buy gift cards because they offer anonymity.
Hackers usually re-sell these gift cards, perhaps for a sum lower than their value. The reduced price is responsible for the booming sales of gift cards in the black market.
A standing order is an order you give your bank to transfer money out at regular intervals. Some hackers, on getting access to your bank account, can decide to set a standing order for future recurring payments.
The order can be set remotely on the bank's app, so hackers use this method to ensure that they continue making money from you.
If you earn a monthly salary, they can see the date your salary is paid and set the order to transfer it to the hacker on that date.
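The salary-date pattern described above is something a bank or a careful account holder can check for when a new standing order appears. The following is an added example, not code from this article or from any bank: a review rule that infers the usual salary day from past credits and lists the reasons a new standing order looks like this scam. All account data, payee names and thresholds are constructed assumptions.

```python
from collections import Counter
from datetime import date

# Constructed account history for a hypothetical customer: (date, amount, sender).
CREDITS = [
    (date(2024, 1, 25), 3000, "ACME PAYROLL"),
    (date(2024, 2, 23), 3000, "ACME PAYROLL"),
    (date(2024, 3, 25), 3100, "ACME PAYROLL"),
    (date(2024, 4, 25), 3000, "ACME PAYROLL"),
    (date(2024, 3, 2), 40, "J SMITH"),
]
KNOWN_PAYEES = {"LANDLORD LTD", "CITY POWER"}  # payees already paid from this account


def salary_pattern(credits, min_months=3):
    """Return (day_of_month, median_amount) of the most regular sender, or None."""
    if not credits:
        return None
    sender, count = Counter(s for _, _, s in credits).most_common(1)[0]
    if count < min_months:
        return None
    rows = [(d.day, amount) for d, amount, s in credits if s == sender]
    day = Counter(day for day, _ in rows).most_common(1)[0][0]
    median = sorted(amount for _, amount in rows)[len(rows) // 2]
    return day, median


def review_standing_order(order, credits, known_payees):
    """List the reasons a newly created standing order deserves a manual check."""
    reasons = []
    if order["payee"] not in known_payees:
        reasons.append("payee has never been paid from this account")
    pattern = salary_pattern(credits)
    if pattern:
        pay_day, pay_amount = pattern
        # Modulo keeps the comparison valid across a month boundary (approximate).
        if (order["day"] - pay_day) % 31 <= 2:
            reasons.append("runs within two days of the usual salary credit")
        if order["amount"] >= 0.5 * pay_amount:
            reasons.append("moves at least half of the usual salary")
    return reasons


if __name__ == "__main__":
    new_order = {"payee": "QX HOLDINGS", "day": 25, "amount": 2800}  # constructed
    print(review_standing_order(new_order, CREDITS, KNOWN_PAYEES))
```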
The dark web is an online market for stolen data including passwords. When a hacker accesses your finance app, your login password, credit card information, etc. can be taken and sold.
Other hackers buy this information and use it for nefarious activities, and you may witness repeat attacks in the future.
If you operate a trading or investment account this can apply to you. An option contract gives the buyer the right but not the obligation to buy (call option) or sell (put option) an underlying asset, at an agreed strike price, at a future date.
The option writer sells the option to the buyer for a fee called a 'premium'. The hacker will sell the option to a buyer, and collect this premium which he transfers to himself. This leaves you with a contract whose terms you must meet at expiry.
Option contracts are legally binding. Only experts should sell options because they are affected by time decay. He also says 'call option' sellers face unlimited upside risk.
Options are usually traded by top level traders and when a hacker breaches your trading app, he doesn't take the risk into consideration.
If you sell a call option mandating the option holder to buy currency from you at a certain exchange rate, it means even if the exchange rate rises, you must buy it at that high price and sell to the option holder. This leaves you with losses as you buy high and sell low.
Pump and dump involves misleading investors into believing a particular security has potential to increase in value thereby making them buy aggressively.
Hackers can use the funds in your account to pump a stock by buying large quantities of it, thus causing its market price to rise.
The hackers who had initially bought the cheap stock with their own investment account, will then sell their stock at the current high price.
This causes a selling frenzy as other investors follow, and the stock price crashes leaving you with worthless stock.
Also, the hacker might be able to withdraw funds to accounts not linked to yours if your broker does not have a strict AML policy.
You can protect against such hacks by securing your app or trading platform. There are multiple trading platforms by top-tier licensed brokers that offer security features like 2FA and Google Auth, which require you to verify each time you log in to trade and withdraw funds.
Keep your devices safe, install an antivirus, and update your phone's software when prompted. Phone manufacturers know when new threats arise, and that's why they deploy software updates.
Don't click on suspicious links or advertorials as they could be booby-trapped. Always use the apps that come with your phone instead of installing new ones from app stores.
Remember that banking and investment apps are prime targets so you should always read and watch out for new threats as they keep surfacing. Don't be an easy target for hackers, deny them access.