Sharp Increase in Malicious Banking Software Shows Need for Increased Security

A sharp increase in the volume of malicious software was observed, going for money and banking credentials theft from affected user accounts, according computer security researchers from Kaspersky. The security company noticed the trend in Q1 2020, with 42,115 files on this kind being found. This was an increase of two and a half times more than Q4 2019.

Attempts made to steal that kind of information through mobile banking are a known and established threat in the cyber community. They're used to steal funds right from bank accounts of affected victims. Malicious programs of that kind are often made to imitate legitimate financial apps, but when the victim attempts to access the genuine banking app, the attackers may have access to their login details.

The company found out that more than 42,000 modifications of banking Trojans were active in the first quarter of 2020, with an increase in the last 18 months. Bankers threatened by the mobile landscape through the quarter also increased by a 3.65%, showing a growth of 2.1 percent compared to the last quarter of 2019. The most affected country by far in terms of users attacked with mobile banking Trojans was Japan, with an 0.57% increase, followed closely by Spain with 0.48% and Italy with 0.26%.

What Actions Can Users Take to Reduce Risk?

• Installing applications from trusted sources, such as the official Google Play store
• Using a reliable security solution for your device that protects you from malware and its actions
• Never perform the rooting procedure, as that may allow cybercriminals access to a device, giving them an open door to exploit it.
  Keeping an eye open for social engineering tricks is also required, as a lot of today's threat actors use those to scam their victims into unwittingly infecting their devices.
• Never respond to suspicious emails or click on embedded links in such cases. Call the source allegedly sending the email for a confirmation if you’re not entirely sure who sent the email. If an email claims to be from a financial institution, make sure you check with them whether they sent an email at all.