FBI: Using mobile banking is very risky for normal users

The US Federal Bureau of Investigation (FBI) has just warned users of mobile banking apps that, in the upcoming weeks, they will be increasingly targeted by hackers seeking to extract their access credentials and take over their accounts.

The alert was released by the Internet Crime Complaint Center (IC3), and says the increasing use of such applications during the social distancing measures has played a key role in drawing the attention of threat actors.

The federal agency expects malicious hackers to focus on banking app users because the use of these platforms has grown considerably in recent months. With the coronavirus still around, people should stay at home, so any transfer, payment or account status check must be done online. The FBI estimates that over 70% of American citizens rely on banking apps, so the scope of a hacking campaign is immense.

US authorities say the techniques most likely to be used include banking app spoofing, phishing attacks and application-based banking Trojans: “When downloading a new app, users should take their time to check which permissions these apps are asking for; malicious apps ask for too many permissions on the affected systems”, the security alert says.

Application-based Trojans are not intended to sniff around the affected users’ operating system. Instead, the malware remains inactive and only starts running when the victim opens a legitimate banking app, getting access to confidential information. “Then, the Trojan creates a fake version of the bank login page, which is shown over the legitimate application”, cybersecurity experts added.

After users enter their data in this fake page and the information is sent to a server controlled by the hackers, the malware redirects the victim to the legitimate application, so there will be no indications of attack.

While this technique is very common, the most popular attack is the creation of fake banking apps. If users install these malicious apps, the attackers will be able to collect the victims’ financial information without problems: “These apps provide an error message after the login attempt and will use smartphone permission requests to obtain and omit security codes sent by text message to users,” the FBI says.
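
The permission check recommended in the alert, and the two behaviours described above (drawing a fake login page over another app, and reading security codes sent by text message), can be screened for in an app's decoded `AndroidManifest.xml`. The following is an added example, not part of the FBI alert; the sample manifests, package names and finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions that map to the behaviours described in the article.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
OVERLAY_PERMS = {"android.permission.SYSTEM_ALERT_WINDOW"}

# Constructed sample manifests (decoded text form), not taken from real apps.
SUSPICIOUS_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission-sdk-23 android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
</manifest>"""

BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def audit(manifest_xml):
    """Label permission requests that warrant a closer look before installing."""
    perms = requested_permissions(manifest_xml)
    findings = []
    if perms & SMS_PERMS:
        findings.append("sms-access")      # can read codes sent by text message
    if perms & OVERLAY_PERMS:
        findings.append("overlay")         # can draw over other apps
    if len(findings) == 2:
        findings.append("review-before-install")
    return findings

if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, sorted(requested_permissions(xml)), audit(xml))
```

A finding here is a prompt for review, not proof of malice: legitimate messaging or accessibility apps request some of these permissions too.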