Tread carefully: The latest malware on Android devices is designed to capture the TAC for your mobile banking transactions.—123RF
If you regularly use a mobile banking app on your Android smartphone, you might want to read this.
According to the Kaspersky Security Bulletin Overall Statistics Report for 2015, mobile financial threats have entered the top ten list of malicious programs designed to steal money.
The report goes on to explain that variants of the Faketoken and Marcher Trojans take residence on your devices and attempt to steal your payment details.
In the case of Faketoken, when a user is performing and online banking session on a PC, Trojans that have infected the PC will pretend to be a request from the bank to download an Android application.
The malicious hacker then uses Trojans to capture the user’s private information when banking on the PC and at the same time, capture the TAC number when it arrives on the Android smartphone for each transaction.
This information is then transmitted to the hacker to use to transfer money out of the victim’s account.
The Marcher Trojan, on the other hand, tracks the launch of just two apps after infecting a device – the mobile banking app of a European bank and Google Play.
If the user starts Google Play, Marcher displays a false window requesting credit card details which then go to fraudsters.
The same method is used by the Trojan if the user starts the banking application.
“This year cybercriminals focused time and resources in developing malicious financial programs for mobile devices. This is not surprising as millions of people worldwide now use their smartphone to pay for services and goods. Based on current trends, we can assume that next year, mobile banking malware will account for an even greater share,” said Yury Namestnikov, senior security researcher at the Global Research and Analysis Team of Kaspersky Lab.