Two Attacks On Mobile Banking Are Back

It feels as through every day, a new app is released that makes it easier to pay for something through your mobile device. Whether you’re tapping your phone to a card reader, depositing checks through a mobile banking app, or paying bills online, there are many ways that banks and tech companies have joined to mobilize the payment process. While mobile banking has made it easy to access personal accounts on the go, it also means that, similarly, hackers have that much less work to do in order to gain access to your accounts. And, as mobile banking gets smarter, so do mobile banking hacks.

In 2016, there were 2 major mobile banking Trojans: Faketoken and Tordow. Faketoken created fake login screens so hackers could steal login credentials through financial apps, and login on their own to empty accounts. Tordow came piggybacked on popular apps (think Pokemon Go and Telegram), and would steal sensitive information about the owner of the mobile device by gaining root access.

Both hacks have evolved to meet the security measures that banks and mobile banking apps have taken to protect their users. This time around, the Faketoken hackers have built in the capability to encrypt files into a mobile device’s SD card. The malware also continually asks users for permissions after it has been installed, which would allow more damage to the user’s security further down the line.

Tordow similarly can encrypt files on a user’s mobile device, as well as make calls, send SMS messages, download and install programs, and access contacts, among other dangerous permissions such as manipulate banking data. There are a few main precautions anyone can take to prevent their mobile device from an attack.

  • It’s OK to Be Picky There are loads of apps to be downloaded from the Apple App Store and from Google Play, and if you’re like me, you’ve got pages of unused apps sitting on your device. It’s helpful to be picky about the apps that you choose to download, and those that you choose to keep. Hackers can hitch their own malware on with apps that you download and in turn, gain access your login credentials.
  • Access Not Granted When hackers piggyback their Trojans on to apps, they can also gain access to your mobile device directly by asking for permissions that the app would not otherwise ask for. Stay alert and pay attention to what permissions your apps are requesting, because it’s easy to get into a habit of granting permission for everything that pops up on your phone. To maintain your device’s health, be sure you know what you’re agreeing to. For anything you’re unsure about, deny, deny, deny.
  • Make Your Password as Unique as You Are Passwords are totally useless if they’re easy to guess, or if they’re the same across all accounts. If you use one password to create an account for a newly downloaded apps, it makes it incredibly easy for a hacker to guess the rest of your passwords on your accounts across your device. Whether they want to get into your bank account, or figure out your location data, if an outsider has the password to all accounts, all doors open up.

If you do worry that your phone has been compromised, the first thing you should do is run a mobile anti-virus software. McAfee Mobile Security is free for both Android and iOS, and helps to protect your device and its data from hackers.



Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.


More from Mobile Security

Back to top