Android banking malware masquerading as email app targets German banks

Security researchers have found Android banking malware that masquerades as an email app and targets several large German banks. The malware is designed to steal login credentials from 15 different mobile banking apps for German banks. It can also resist mobile anti-virus apps and hinder 30 different anti-virus programs, preventing them from launching.

Commenting on this, Don Duncan, security engineer at NuData Security, said: “In the Android world, device administrator access comes with a lot of benefits. It’s this level of access that allows malware access and control over a device pretending to be you. A BYOD (bring your own device) that you’ve purchased and use has now become the vehicle for others to collect not only your personal information, but corporate data as well.

This is one challenge with device authentication, as it assumes that the person with the device and the information on the device represents a living and breathing user. Device authentication is a carry-over from the personal computing era which doesn’t map well to the new mobile world. Users have multiple devices in various forms, and it’s important in this age of IoT (Internet of Things) to determine if there is a real user behind the device or if it’s an impersonator. For example, I may be driving the car, but that doesn’t mean it’s my name on the insurance slip in the glove box.

The use of passive behavioural biometrics allows another level of authentication without introducing frustration into the user’s mobile experience. The use of passive behavioural biometrics during the user engagement is not only with the device, but the mobile application, and addresses many of the gaps in the existing mobile user authentication process, making exploits like this much easier to spot. This is true when the device is being impersonated, as with this malware, or when the data is farmed via the intercepted SMS messages and later used for identity crimes. Because passive biometrics and behavioural analytics can detect if it’s the real human user interacting with the device, it can detect this type of impersonation in real time. Placement examples are at user login, initiating a transaction, credit applications, money movement, account changes, or opening new accounts. This enables FIs to make good risk decisioning at any of these stages because they have a fuller and more accurate understanding of the risk each customer or “customer” presents.”
