Following the news that the Gugi malware is targeting Android banking apps, Artem Chaykin, Head of Mobile Application Security Department at Positive Technologies, provided the following comment to @DFMag:
“The best way to avoid Android Trojans is not to install apps from unknown sources. By default you can install apps only from Google Play, but Android allows you to change this. As an Android user you should always install apps only from the official market.
“If you run a company, it could be hard to convince all your employees to apply this security rule on all BYOD or corporate devices. However, you can force them to do this by applying mobile security policies via MDM systems or Microsoft Exchange, for example. This can protect users from typical Android Trojans.
“The new generation of Android Trojans is another story. According to our statistics, 75% of Android banking apps are exposed to high-severity vulnerabilities and some of them, like one-time password stealing, can be exploited by malware applications with zero permissions. What can you do? Install updates to applications as soon as they come, use security systems which can detect suspicious behavior of your applications… and yes, simply try to avoid serious operations (like money transfer) via Android mobile apps.”