Cloned banking app illustrates the need for boosted security

These days, users simply can't be too careful on their mobile devices. As individuals leverage their smartphones, tablets and laptops for a rising number of tasks, the mobile platform is an increasingly attractive target for hackers looking to steal sensitive data for fraudulent purposes.

Many users are aware that mobile malware can present itself and spread through techniques taken from its computer-based predecessors. However, a new trend is emerging in the mobile malware sector, where cybercriminals exploit the popularity or brand trust of a legitimate app to spread an infection. These "cloned apps" are popping up across the globe, and illustrate the need for boosted security both on the mobile platform and beyond.

Cloned banking app spreads malware in Israel

The majority of users have heard about the cloned "Flappy Bird" apps that have been making their way around app stores. Another infection is using the same technique to spread malware, piggybacking off an Israeli banking application, according to Threatpost contributor Michael Mimoso.

The malicious program is a clone of Mizrahi Bank's legitimate Android app, popular among the financial institution's customers. Due to the emergence of a fake, however, the real application has been taken out of Google Play.

While many typical malware infections aim to steal any sensitive data that could have value for hackers, Forbes noted that this program targeted only the user's ID, not his or her password. It carried out this strategy by having the individual enter his or her login information into the fake app. Once this information was entered, though, the victim received an alert that the login had failed, along with instructions to download the real program.

"The authors put a wrapper around the bank's legitimate app and redistributed it on the Google Play store, pretending to be the financial institution," said security expert Meghan Kelly. "Indeed, those who built the malware inserted a comment into the code dictating that only the user ID be taken, not the passwords."

Experts speculate that this strange new approach to malware infection could be the cybercriminals' way of compiling information for a phishing scheme to take place later on, Mimoso noted. This way, the cyberthieves can leverage this data to track down these individuals and bait them to share additional personal details. Why the hackers didn't just steal this information through the fake app, however, is unclear.

Boosted security is a must

While the phishing scheme connected with this infection has yet to be reported, a data theft strategy of this kind could put a considerable number of users and their sensitive information at risk. Overall, this infection underscores the importance of security, both off and on the mobile platform.

In the case of businesses with BYOD programs, administrators must be vigilant in protecting company-owned intellectual property and databases. Encryption can ensure that no matter what device is being leveraged, the information remains readable only to those with the right authentication credentials.

Protect data in transit with an SSL certificate today.
