How safe is your mobile banking? | Gladstone Brookes

How safe is your mobile banking?

Cyber experts are warning consumers about a spoof mobile phone program which can steal your log-in details.

It is unclear how many people have unwittingly downloaded the Strandhogg program, but it is understood more than 60 financial institutions have been targeted.

Fake log in screens

The cyber thieves have found ‘a major security weakness’ in the Android software which allows them to create fake log-in screens. These screens can be inserted into legitimate apps to harvest your log-in information.

Tom Hansen is the chief technology officer of Norwegian mobile security firm Promon which discovered the flaw. He said: “It targeted several banks in several countries and the malware successfully exploited end users to steal money.”

Malicious apps

The discovery was made after the firm started to analyse malicious apps which were responsible for draining bank accounts.

Said Tom Hansen: “We’d never seen this behaviour before. As the operating system gets more complex it’s hard to keep track of all its interactions. This looks like the kind of thing that gets lost in that complexity.”

Trick

The Strandhogg vulnerability is used to trick mobile banking users into thinking they are using a legitimate app, but they are actually clicking into an overlay created by the hackers.

Once it was discovered, Promon worked with an American firm called Lookout to scan the apps available on Android’s Play Store. They found 60 financial institutions had been targeted via apps that had been altered by Strandhogg linked to a well-known money-stealing program known as ‘bankbot’.

Action

Google, who operate Play Store, said it had taken action to close the loophole but was keen to find out more about where it had come from.

In a statement it said: “We appreciate the researchers’ work and have suspended the potentially harmful apps they identified.”

“Additionally, we’re continuing to investigate in order to improve Google Play Protect’s ability to protect users against similar issues.”

Welcomed

Tom Hansen welcomed Google’s response and commitment to continue its investigations ‘as many other apps are potentially exploitable via the spoofing bug’.

He also warned that it was still possible to create fake overlay screens in Android 10 and other, earlier operating systems.
