The number of mobile banking trojans has tripled over the last 12 years, posing a threat to citizens of both Russia and the EU, representatives of the Russian Ministry of Industry and Trade told SC Media UK.
According to statistics provided by Vladimir Kolokoltsev, Russia’s Minister of Internal Affairs, the damage caused by mobile banking trojans to Russians grew by 136 percent from 2016 to 2017. The Minister said that these figures are comparable with those of similar cybercrimes committed in the EU.
Kaspersky Lab reports that in Russia alone the total number of viruses of this type detected since the beginning of the current year has reached almost 100,000, significantly higher than in the EU.
The trojans are spread through phishing, which infects victims' devices with malware that steals bank card information and then obtains access to the victim's online banking account. In addition, they can steal money by intercepting information delivered through SMS services, including mobile banking password confirmation.
Valery Baulin, head of the laboratory of computer sciences and forensics at Group-IB, told SC Media UK that "Mobile devices using the Android operating system are the most vulnerable to Trojans," going on to explain that in trojan attacks the malware is downloaded to the phone, after which it can replace the legitimate application and capture legitimate logins and passwords, which provides access to the mobile phone user's bank.
Kolokoltsev told SC Media UK via his representative that there are a few known vulnerabilities common to some models of popular smartphones, and these are the ones usually targeted by hackers. The situation is aggravated by the fact that banks encourage customers to use mobile applications that sometimes do not have adequate cyber-security. When a criminal succeeds in hacking the banking application via a trojan, responsibility is placed on the user for not ensuring proper protection for their mobile device.
Kolokoltsev says banks should be more active in fighting vulnerabilities to trojans in their mobile applications. Baulin adds: "It is high time for banks to change the paradigm of protection and to shift from investigation to preventive measures, including through the proactive prevention of cyber-attacks on all client devices."
Baulin advises that suspicious and uncharacteristic actions be identified for each specific user, by monitoring both the Internet and mobile channels through which the user interacts with the bank, to prevent cyber-attacks during online transactions.