See it Live: How RiskIQ Host Pairs Confirm the Lazarus Group Attacks
Get vast internet data sets and advanced analytics to hunt digital threats and defend your company’s digital footprint.
Get RiskIQ Community Edition
Malvertising increased 132% in 2016… Download RiskIQ’s 2016 Malvertising Report to see a breakdown of how threat actor methods are trending.
Get the Report
RiskIQ Best Practices Forum – Get the Most Out of Your RiskIQ Investment
Join us in San Diego April 11-13.
January 21, 2015, Peter Zavlaris
The move towards mobile banking and mobile financial services has created many benefits for both financial institutions and their customers. However, in an attempt to better illustrate the risks in this area, RiskIQ has released data on the number of suspicious mobile apps being downloaded by Android users looking for banking and finance-related services.
RiskIQ’s own database, containing in-depth analysis of more than 7 million mobile applications collected from the world’s top 90 mobile application stores, shows more than 350,000 Android-based mobile applications referencing banking.
Of the 350,000 banking and finance-related mobile applications RiskIQ uncovered, over 40,000 apps have been labeled as suspicious. These applications are either confirmed as containing malware or flagged as containing suspicious binaries from a consortium of 70+ AV vendors. Of the 40,000+, roughly half have signatures consistent with mobile-based Trojan signatures.
Branded malicious mobile apps come in the form of compromised versions of official mobile apps or mobile apps wrapped in branding. They imitate functionality consistent with a given brand and have been pre-installed with malware or data-stealing permissions.
RiskIQ CEO Elias Manousos points out,
These findings show that criminals are using look-a-like banking apps to distribute malware and capture data on the device in order to commit crimes. Policing app stores for malicious apps and taking them down is a never-ending battle for banks and any other brand that uses the mobile channel to interact with customers.
The data suggests that mobile banking has become a significant target vector for malware. However, malware isn’t the only thing mobile banking consumers need to worry about.
Of the 40,000 suspicious applications, RiskIQ found thousands of applications with data-capturing permissions pre-loaded and activated upon installation. RiskIQ found almost 5,000 apps capable of reading SMS messages, over 8,000 capable of recording audio, roughly 4,000 which could disable the keyguard, and thousands of others with various additional permissions.
These permissions grant the mobile application developer access to the data people store on their mobile phones. This isn’t always a bad thing, but when a mobile application is compromised, it gives the attacker access to information he or she can use to exploit the user, sometimes even without using any malware at all.
Consumers can take steps to limit their exposure to malicious mobile applications. However, they may still find themselves helpless when confronted with well crafted forgeries or compromised versions of official applications.
Financial institutions have a responsibility to protect their customers, and this protection should extend to threats like malicious mobile applications. The best way to do so is to incorporate a technology that can police app stores for malicious apps and take them down as they are released. Adding this capability will not only prevent adverse customer experiences, but will also protect the integrity of the brand.
Back to RiskIQ Blog