AndroidOS_Marchcaban.HBT Targets Mobile Banking Apps

By |2018-09-24T04:45:19+00:00October 8th, 2015|

20151008-header

Human error is cited as the leading cause of 52% of all security breaches and the new AndroidOS_Marchcaban.HBT Trojan may drive that number even higher via a phishing scheme targeting PayPal users and their mobile banking apps.

Another Day, Another Phishing Attack

While app developers have spent valuable time and money building a level of trust with their users, the AndroidOS_Marchcaban.HBT delivery system is designed to exploit that relationship for nefarious purposes.

The attack begins with an email – cyber criminals have sent out 14,000 variations of a message that prompts users to update their Android PayPal app via the given link. When the link is clicked, a rogue download of the AndroidOS_Marchcaban.HBT mobile banking Trojan launches in the background.

As with all phishing attacks, the criminals have gone to great lengths to make the email appear as legitimate as possible. The design seems to have the official PayPal logo and the email appears professional. PayPal is such a trusted company that most users have no qualms about clicking the link.

Mobile Banking Apps: Phishing for Credentials

The user opens the email and clicks on the malicious link, the Trojan is downloaded to the Android device. Now what?

Like any other app, the malicious download prompts the user to provide system administrator permissions. For many unsuspecting users, this is almost second nature as they give away the rights to:

  • Change the screen-unlock password
  • Set password rules
  • Lock the screen
  • Set storage encryption

When your users give these permissions away, they’ve given the attackers everything they need to steal banking credentials. Trend Micro says that even if users don’t give permission, the Trojan still runs in the background and there is no way to interact with it or remove it.

When users open the infected app, the Trojan places a fake UI over the official app, enabling attackers to steal login information. This may all be the result of user error, but mobile banking app owners must be ready to defend against this Trojan, nonetheless.

To developers, the threat is a double whammy: Your app being used as a platform for third parties to victimize users carries both legal and social liabilities, and the access point utilized by the Trojan turns your greatest marketable strength – the users’ trust – into a weakness.

Mobile App Fusion Gives You Peace of Mind

Apps – mobile banking apps being no exception – are fairly uncontrollable once they’re in the hands of the users. You can’t decide when a user is going to use a malicious Wi-Fi network or download a piece of malware.

Here’s the hard truth: These threats won’t go away on their own. Phishers, pharmers, and good old-fashioned hackers will continue to target mobile banking apps. To repel the assault, financial services organizations need to be ready.

Appdome allows app owners to quell these threats remotely and without disrupting the development process. With the right Fusion approach, owners of mobile banking apps can place an extra layer of security between their users and cyber criminals.

Are your customers protected if they fall for the AndroidOS_Marchcaban.HBT scheme? Leave a comment and let us know how you are keeping your mobile banking app secure.

About the Author:

WordPress Video Lightbox Plugin