Mobile banking has been rising rapidly through the years. In fact, there are reports stating that customers are depositing more checks through smartphones and ATMs than in physical branches.
With this stunning growth, the security of mobile banking apps is as important now as ever. Cyber criminals are increasingly targeting smartphones as vectors for data theft and malicious scams designed to steal your personal and financial data.
Currently, banks are securing their mobile apps with a variety of identification tools like two-factor authentication, biometric fingerprint scanning and complex passwords. These tools work for the most part, but they're virtually useless if hackers manage to infect your smartphone with malware that allows them to take full control.
One such malicious software infecting Android phones running Marshmallow has been discovered recently by security researchers.
The new threat, which appears to be a modified version of an older mobile Trojan malware known as Gugi, is designed to steal personal information by creating fake overlay screens on mobile banking apps and the Google Play store.
According to reports, Gugi circumvents security features in Android Marshmallow by fooling users into installing the malware with a text message containing a poisoned link.
One variation of the text message reads:
"Dear user, you receive MMS-photo! You can look at it by clicking on the following link."
Clicking the link will download a fake digital image named "img67123987.jpg" to the phone. This file is actually the Trojan malware in disguise, and clicking on it will prompt the user to grant it "additional rights." This exploits Marshmallow's feature that allows apps to overlay themselves on other apps as a safeguard against phishing and ransomware attacks.
Once the malware is granted these rights, it starts a snowball effect of additional permission requests. This is another Marshmallow security feature that it exploits: the capability of apps to ask for more permissions than the initial ones granted upon installation.
Once all these security exploits are in place, victims will be forced to grant the malware all the administrative privileges it asks for, since it will overlay itself over other apps with only one option - "Activate."
"Activating" will give the malware the ability to create even more fake overlays that will mimic the real mobile banking apps. If you enter your credentials into any of these fake overlays, then it's game over; the hackers get your information.
On the other hand, if the victim refuses to "Activate," Gugi will block the device, rendering it useless. The only fix is to boot the phone in Safe Mode and manually uninstall the malware.
Although this malware was spotted mainly in Russia, this attack could easily spread to other countries, like the U.S., which is among the countries with the most malware targets overall.
Protect yourself against Gugi and other emerging attacks
As always, to protect yourself against Android malware, the best practice is to be careful with the links you click and the websites you visit. Drive-by malware downloads could happen anytime without you knowing it. Don't grant any system permission to prompts coming from unknown sources.
Also, avoid downloading and installing apps from "Unknown Sources." Only download apps from the official Google Play app store and make sure you check user reviews, too, before installing.
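For readers who screen downloads on a mail or SMS gateway, the disguised file described above can be caught by comparing a file's name with its actual contents. The following is an added example, not code from the researchers or from any product. It assumes the payload is an Android package (an APK, which is a ZIP archive) delivered under an image name; the function names and the sample bytes are constructed for illustration.

```python
import io
import zipfile

# Leading bytes ("magic numbers") of the file formats we care about.
MAGIC = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
    "zip": b"PK\x03\x04",  # APK files are ZIP archives
}
IMAGE_EXTENSIONS = (".jpg", ".jpeg", ".png", ".gif")
APK_MARKERS = {"AndroidManifest.xml", "classes.dex"}


def sniff(data):
    """Identify content by its leading bytes, ignoring the file name."""
    for kind, magic in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def looks_like_apk(data):
    """True if data is a readable ZIP holding the entries every APK carries."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            return APK_MARKERS.issubset(archive.namelist())
    except zipfile.BadZipFile:
        return False


def classify_download(filename, data):
    """Return 'image', 'disguised-apk', 'mismatch' or 'not-image-name'."""
    if not filename.lower().endswith(IMAGE_EXTENSIONS):
        return "not-image-name"
    kind = sniff(data)
    if kind in ("jpeg", "png", "gif"):
        return "image"
    if kind == "zip" and looks_like_apk(data):
        return "disguised-apk"
    return "mismatch"  # image name, but the content is something else


def make_constructed_apk():
    """Build a harmless, constructed ZIP that only mimics an APK's layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("AndroidManifest.xml", b"placeholder")
        archive.writestr("classes.dex", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(classify_download("img67123987.jpg", make_constructed_apk()))
```

Any result other than "image" for a file with an image name is worth blocking or quarantining before it reaches the user.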