By Manish Mimani Founder & CEO, Protectt.ai
Recent days have seen Indian mobile banking app users being hit by malware like Oscorp, Brata, SOVA, etc. that defraud victims by remote access controls, collecting keystrokes, or stealing cookies from devices. Many of these Malwares also seize the multi-factor authentication tokens.
Furthermore, this malware can capture screenshots, and record videos from the device’s camera without the permission of the users. One of the Android Trojan recently in highlights is SOVA Malware which has harmful capabilities like keylogging, overlay attacks, Screen Shots Capturing & abuse of accessibility permissions. Mostly, this is sideloaded from phishing links sent to users on E-Mail/SMS/WhatsApp.
Here are the quick three actions, mobile banking app services providers should take to fend off these Malware threats:
1) Avail services of a specialized mobile threat defense (MTD) solution that is designed to not only fend off but also comprehensively protect the banking app from unknown threats on customers’ devices. It is required that the mobile banking apps are equipped with a Runtime Application Self-Protection (RASP) framework so that potential threats are addressed on a real-time basis
2) Test their Apps in a Simulated environment for Malware Threats like App Spoofing, Remote Access Trojans, Prevention from Rooted / Jail Broken Devices, and Screen Over Lays control
3) Run a strong Consumer Awareness Campaign covering:
a) Sensitize Customers to avoid clicking unverified links or downloading unverified apps on
their phones.
b) Install Anti-Virus App on personal devices and Scan devices at regular intervals
c) Regularly check the sensitive permissions granted to Apps on Devices and take
corrective actions by removing permissions wherever irrelevant or out of context.