Bot Malware Attacking Financial Mobile Applications
Orhan Sari
Last June, the FBI warned of a type of bot malware that targets insecure banking and financial mobile applications. It can leak sensitive information, capture passwords and send them to the servers it communicates with, and gain access to accounts.
This newly emerging mobile malware resembles the Trojan horse named EventBot, which appeared in April. EventBot looked like an Adobe or Microsoft Word application on mobile devices with the Android operating system, but its main purpose was to steal information from financial applications on the device.
This bot malware detects vulnerabilities in insecure financial mobile applications and exploits them for malicious use. It can capture SMS correspondence and other details. It can also steal two-step authentication codes, which allows it to log into accounts that are important to the user.
Many vulnerabilities are common in banking applications; the most common are listed below.
1- Unencrypted dynamic data
Sensitive data such as variables, user information, or configuration is transmitted without encryption between the frontend and the backend of the application.
2- Keeping the keys of security certificates on the application
Communication between the user and the bank or financial company is encrypted end-to-end. However, if this encryption can be undone, the traffic can be read in the clear. In this way, attackers using this bot malware can see sensitive information transferred during the communication.
3- Unsafe API Use
Using insecure APIs can expose sensitive information to users and allow attackers to abuse applications and servers for their own benefit.
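The first two weaknesses above (data sent without encryption, and certificate keys shipped inside the app) can be spotted before release with a simple static audit of the app's decoded resources. The following is an added example, not code from the original post or from Keepnet Labs; the file names and contents are constructed sample input, and the `.invalid` hostnames are placeholders.

```python
"""Added example (not from the original post): a small static audit that
flags two of the weaknesses listed above in an Android app's decoded files:
  * plaintext http:// endpoints (sensitive data sent without encryption)
  * embedded PEM private keys (certificate keys shipped inside the app)
It also flags the manifest switch that permits cleartext traffic at all.
Every file below is constructed sample input, not real app code."""
import re
from dataclasses import dataclass

# Constructed sample: what a few decoded app files might contain.
SAMPLE_FILES = {
    "res/values/strings.xml": (
        "<resources>\n"
        '  <string name="api_base">http://api.examplebank.invalid/v1</string>\n'
        '  <string name="app_name">ExampleBank</string>\n'
        "</resources>\n"
    ),
    "assets/config.json": (
        '{"login": "https://api.examplebank.invalid/v1/login",\n'
        ' "balance": "http://api.examplebank.invalid/v1/balance"}\n'
    ),
    "assets/client.pem": (
        "-----BEGIN PRIVATE KEY-----\n"
        "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC...(constructed)\n"
        "-----END PRIVATE KEY-----\n"
    ),
    "AndroidManifest.xml": (
        '<application android:usesCleartextTraffic="true">\n'
        "</application>\n"
    ),
}

# http:// (not https://) followed by anything up to whitespace or a quote/tag
HTTP_URL = re.compile(r"\bhttp://[^\s\"'<>]+")
# Any common PEM private-key header (plain, RSA, EC or encrypted)
PEM_PRIVATE_KEY = re.compile(r"-----BEGIN (?:RSA |EC |ENCRYPTED )?PRIVATE KEY-----")
# Manifest attribute that allows cleartext connections app-wide
CLEARTEXT_FLAG = re.compile(r'android:usesCleartextTraffic="true"')


@dataclass(frozen=True)
class Finding:
    path: str    # file the issue was found in
    kind: str    # category of weakness
    detail: str  # the matched text or a short description


def audit_files(files: dict[str, str]) -> list[Finding]:
    """Scan a mapping of path -> file text and return all findings."""
    findings: list[Finding] = []
    for path, text in files.items():
        for match in HTTP_URL.finditer(text):
            findings.append(Finding(path, "cleartext-endpoint", match.group(0)))
        if PEM_PRIVATE_KEY.search(text):
            findings.append(Finding(path, "embedded-private-key", "PEM private key block"))
        if CLEARTEXT_FLAG.search(text):
            findings.append(Finding(path, "cleartext-allowed", "usesCleartextTraffic=true"))
    return findings


def count_by_kind(findings: list[Finding]) -> dict[str, int]:
    """Summarise findings as {kind: count} for a quick release gate."""
    counts: dict[str, int] = {}
    for finding in findings:
        counts[finding.kind] = counts.get(finding.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit_files(SAMPLE_FILES)
    for f in results:
        print(f"{f.kind:22} {f.path}: {f.detail}")
    print(count_by_kind(results))
```

In practice you would feed `audit_files` the files of an APK unpacked with a decoder such as apktool (an assumption about your workflow, not something the post prescribes). Each finding maps to a fix on the defender's side: move every endpoint to `https://`, set `usesCleartextTraffic` to `false`, and keep private keys on the server rather than in the package, so that even a device compromised by this kind of bot malware does not hand over the keys needed to read the traffic.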
How can measures be taken against Bot Malware attacks?
A. Increase User Cybersecurity Awareness Using Phishing Simulation Tools
Use phishing simulation tools and let your users experience bot malware risks and other similar cyberattacks from the outside world. By simulating such attacks with a Phishing Simulator, you can identify your low-awareness users.
Try our phishing simulator for free.
B. Cybersecurity Awareness Training
A lack of cybersecurity awareness among users can compromise both their own security and the security of their company. With regular information security training, you can prepare your users against such bot malware attacks. Use our Cybersecurity Awareness Educator module for free and get entertaining and instructive training content.
Sedat Ozdemir / Cyber Threat Hunter / Keepnet Labs
Sedat Ozdemir is a Cyber Threat Hunter at Keepnet Labs. Sedat has more than 3 years of experience in IT attestation, penetration testing, programming and team leading. Sedat’s primary focus is on emerging technology issues and privacy concerns for organizations. Sedat is an active writer, speaker, and enjoys spending her time educating people on security and privacy.