Mobile banking trojans are evolving. Recent developments include key stroke loggers and ransomware features added to the core components.

These banking trojans are already deadly dangerous but recent additions signal a sea change, as fraudsters develop ever more cunning and ingenious methods to part mobile banking users from their money.

Should I be concerned?

If you use a smartphone for mobile banking then at the very least you need to be aware of this threat.

Your smartphone is a scaled down desktop PC; it has powerful computing capacity, runs its own operating system and is loaded with software that is either pre-installed or you’ve downloaded.

And if you own an Android operating system smartphone then you need to be acutely aware of this threat.
Most mobile banking trojans are aimed at Android, something close to 98%. Android is an ‘open’ system which means phone manufacturers can tweak it to suit the phone models they release.

However, this leads to operating system fragmentation.
  • When Google releases an update it doesn’t mean that all the different versions of Android running on smart phones are secure even if the update is deployed.
  • This is because manufacturers tweak the operating system. Further some manufacturers also don’t readily release updates.
  • This means that some versions of Android become vulnerable to hacking.

How widespread are mobile banking trojans?

In 2016 over nearly 130,000 mobile banking trojans were detected as well as over 250,000 ransomware trojans, also aimed at mobile devices.

Clearly, despite the lucrative opportunities offered by mobile ransomware, cyber fraudsters still place great store on banking trojans.

Put simply ransomware demands a fixed fee from a victim whereas banking trojans can be used to plunder someone’s bank account and empty it of all its contents.

BullGuard protects your devices from malware, hackers and spies


How do banking trojans get on my phone?

Users unwittingly download the mobile banking trojan which is typically disguised as a legitimate app.
  • The malicious app is published on third-party app stores
  • Sometimes they even sneak into the official Google Play store
  • Cyber crooks sometimes send phishing SMS messages containing malicious URLs. If a victim clicks on the link the trojan downloads
  • Malicious advertisements – these types of ads can hide trojans but that said the user has to take several further steps before they unwittingly download the trojan.
  • Mobile adware - Some mobile adware shows ads for other software. This software might be legitimate, it might not. Fraudsters can however use them to distribute trojans.  Similarly, ‘rewards’ can be offered for installing apps, which is another means of distributing trojans.

How do they work?

Let’s assume a user has unknowingly downloaded a banking trojan onto their Android device and they also have a banking app on their phone.
  • When the user launches the legitimate banking app, the trojan detects what is happening on the phone
  • It then displays its own interface overlaying the banking app’s interface. Most people won’t notice
  • Alternatively the trojan can redirect users to a malicious website page or use keylogging to pull information from the user’s phone
  • Please note that most effective trojans impersonate many banking apps, payment services, and even instant messaging apps
  • When a user goes to input their credentials, user name and password, into what they think is the legitimate app, the trojan takes note, steals the information and sends it back to a server controlled by the hacker
  • Many banks operate a two-factor authentication process
  • Some banking trojans are designed to intercept two-factor authentication sent by SMS

How to protect yourself

When you download an app you have to check the permissions box to allow the app to run and do what it needs to do.

Similarly a mobile banking trojan needs a series of app permissions for it to go about doing its nasty business
As a result, a banking trojan often requires a user to authorise the following SMS permissions:
  • Read SMS – enables the application to read SMS messages stored in the SMS inbox
  • Receive SMS - intercepts SMS messages and prevents them from reaching the SMS inbox
  • Write and send SMS - enables the trojan to harvest the victim’s contacts and send phishing SMS messages

If an app is requesting any of these permissions it should raise an immediate red flag and lead you to ask ‘why?’

If an app requests these permissions you need to treat it with caution and if any doubt, simply don’t allow it to download.

Furthermore, make sure that you’re running antivirus software. This will identify and stop malware from loading onto your phone.

You can download BullGuard Mobile Security FREE here.