How safe is your mobile banking? | Gladstone Brookes


Cyber experts are warning consumers about a spoof mobile phone program which can steal your log-in details.

It is unclear how many people have unwittingly downloaded the Strandhogg program, but it is understood more than 60 financial institutions have been targeted.

Fake log-in screens

The cyber thieves have found ‘a major security weakness’ in the Android software which allows them to create fake log-in screens which can be inserted into legitimate apps to harvest your log-in information.

Tom Hansen is the chief technology officer of Norwegian mobile security firm Promon, which discovered the flaw. He said: “It targeted several banks in several countries and the malware successfully exploited end users to steal money.”

Malicious apps

The discovery was made after the firm started to analyse malicious apps which were responsible for draining bank accounts.

Said Tom Hansen: “We’d never seen this behaviour before. As the operating system gets more complex it’s hard to keep track of all its interactions. This looks like the kind of thing that gets lost in that complexity.”

Trick

The Strandhogg vulnerability is used to trick mobile banking users into thinking they are using a legitimate app, but they are actually clicking into an overlay created by the hackers.

Once it was discovered, Promon worked with an American firm called Lookout to scan the apps available on Android’s Play Store. They found 60 financial institutions had been targeted via apps that had been altered by Strandhogg linked to a well-known money-stealing program known as ‘bankbot’.

Action

Google, who operate Play Store, said it had taken action to close the loophole but was keen to find out more about where it had come from.

In a statement it said: “We appreciate the researchers’ work and have suspended the potentially harmful apps they identified.”

“Additionally, we’re continuing to investigate in order to improve Google Play Protect’s ability to protect users against similar issues.”

Welcomed

Tom Hansen welcomed Google’s response and commitment to continue its investigations ‘as many other apps are potentially exploitable via the spoofing bug’.

He also warned that it was still possible to create fake overlay screens in Android 10 and other, earlier operating systems.
