Authentication & Security

How To Protect Android Banking Apps From Malware

The recent case of WannaCry ransomware reminded us to be cautious of the growing malware menace that ended up infecting thousands of systems around the globe. Regardless, the scale of the ransomware attack may give rise to other malware attacks such as Android malware invasions.

The latest smartphone statistics from Gartner are not surprising as they reveal the soaring popularity of Android smartphones around the globe. According to the survey, over 350 million smartphones sold in Q4 2016 were running an Android operating system. The ever-increasing popularity and most probably the open-source nature of the OS is perhaps what attracts cybercriminals to make relentless efforts to hack into the device and salvage the personal data of users.

Cybercriminals use specialized malware to carry out the hacks and achieve their ulterior motives. Australia, where cybercrimes like data and identity theft are common, and in fact, on the rise, is also not safe from the invasion of Android malware.

Cyberattackers Use Malware to Steal Banking Details

Last year, cybersecurity researchers at ESET came across a malware, aka Android/Spy.Agent.SI, which could put millions of Australian customers’ bank account details at serious risk. The malware could copy popular banking apps from different countries such as CommonWealth Bank, NAB and ANZ banks in Australia. As a result, the malware would show an overlay screen on the infected apps, showing fake username and password fields for snatching these sensitive details.

The malware was so potent that it could circumvent the two-factor authentication security of the app, thereby revealing the details to the hackers. Later the same year, security researchers at Kaspersky Lab also discovered a similar but modified Trojan malware that could bypass the Android 6’s security features. As a result, the hacker could be able to steal the bank account details of the online banking app users.

Fast forward to 2017, a small group of Russian hackers used a malware to dupe Russian bank users, stealing over $800,000. The hackers deceived the unsuspecting users by showing them fake banking apps that were plagued with the malware that would steal their money.

How to Protect Android From Malware

Be it a ransomware attack or a malware attack, these cyber threats aren’t going to go away anytime soon. Fortunately, there are ways we can prevent these attacks and the ensuing calamities.

1. Install Latest Security Patch: More often than not, attackers carry out successful hacks by exploiting security vulnerabilities in the system software, and Android is no exception. By exploiting a security hole in your Android, a hacker or snooper can inject a malware or any other malicious tool that could result in GPS hijacking, data theft, and identity theft, to name a few. Therefore, it is imperative to install security patches as soon as they are released by the vendor.

2. Avoid Pirated Apps: There are many Android users who readily root their devices so they can have more control on the OS. In fact, in most cases, users end up rooting their devices so they could install a new version of the OS that is not officially available for the specific device. Keep in mind that APK files are easily hacked. Any individual with the wrong intention of stealing your personal data can install a malware into the APK and leak your data without your knowledge. The best way to prevent such malware is by avoiding pirated apps altogether.

3. Checkout Permissions: Before you download an app from Google Play Store, you may have noticed that the Play Store asks for certain permissions. It is important that you read the permissions thoroughly to ensure that the app isn’t asking for any unnecessary permissions. For instance, a recipe app would not require permission for your GPS. If it does, it is most likely an unreliable app. In such situations, avoid downloading the app and report it as well.

4. Use Security Tools: Be it a computer or an Android device, installing the right security tool can help users avert the calamity caused by cyberattacks. Especially, if you are a savvy online banking app user, it is important that you use some kind of security tool, or best yet encryption tool. With encryption in place, you can have a safe environment to make online transactions.

Digital privacy and security are getting weaker with every passing year. As more and more cyberattacks continuously invade different sectors, it won’t be too long before cybercriminals freely roam the digital space. However, by implementing the security tips mentioned above, not only can you protect your device but also take a firm stand against the rising plague of cyberthreats.

Sufian Farrukh

Sufian Farrukh is an Online Security Analyst and Research Supervisor at various universities. He covers a wide range of IoT, online security and privacy-related issues and designs awareness campaign for millennials.

Apply to Become a Contributor