Mobile security and new data on the risk of banking Trojans

New Avast survey shows that over 50% of consumers cannot distinguish real apps from fake apps.

At this week’s Mobile World Congress in Barcelona, we will be showcasing our mobile security because, as our recent survey proves, the world needs it now more than ever. New levels of cybercrime sophistication are making it almost impossible to identify scams. 


           Gagan Singh, Avast SVP & GM Mobile, speaking on mobile security threats

A very tricky malware

In November 2017, our mobile threats intelligence team, in collaboration with ESET and SfyLabs, discovered a new strain of the BankBot Trojan in the Google Play Store. The malware concealed itself in flashlight and solitaire apps. Once downloaded, it would target the banking app on the device. When the user conducted online banking, the malware would create a fake overlay on the genuine banking app. As the user keyed in the username and password, the malware would collect the info.

The bank apps targeted were all large blue chip banks, such as Citibank, Wells Fargo, Santander, HSBC, ING, Chase, Bank of Scotland, and Sberbank, among others. Cybercriminals were not daunted by the strict security measures as much as they were attracted to the large customer bases.

The survey: how many were fooled?

Avast conducted a survey of 40,000 consumers around the world — including the US, UK, France, Germany, Russia, Japan, Mexico, Argentina, Indonesia, Czech Republic, Brazil and Spain — to compare the perceived authenticity of official vs. counterfeit mobile banking apps. The findings show that it’s not so easy to tell the difference.

While 58% mistook an official mobile banking app interface as fraudulent, 36% mistook a fraudulent mobile banking app interface as official. The confusion among consumers was consistent across geographies. The survey also found that consumers around the globe worry more about having money stolen from their checking accounts than they do about losing a wallet or purse, or having their social media accounts hacked and personal messages read.

Fake-vs-Real-Citi-FB-LI-v2-1.png

sample banking app images shown to research participants 
(hint: the one on the left is fake)

Stay alert

While trusted app stores like Google Play and the Apple App Store do have security measures in place to weed out malware, we advise you also apply your own extra vigilance. Confirm that the banking app you’re using is the official, verified version. If anything looks awry or suddenly unfamiliar, check in with your bank’s customer service team.

Also use two-factor authentication if it’s available, and make sure you have a strong AI-powered mobile antivirus installed to detect and block this kind of tricky malware if it ever makes its way onto your system.

Avast will be showcasing its mobile security solutions at its booth at Mobile World Congress this week in hall 7, stand 7C60. Swing by and learn more.

--> -->