Malicious Google Play Apps Show Password Vulnerabilities

In the endless cycle of cybercrime whack-a-mole, fraudsters just scored a win with a sophisticated campaign using real-seeming apps as “droppers” carrying trojan code designed to steal banking passwords and data from devices, leading to an estimated 300,000 infections.

A recent analysis by cybersecurity firm ThreatFabric of apps in the Google Play app store found that fraudsters exploited Google Play’s own efforts to weed out fraudulent apps by creating functioning (but fake) apps — a free PDF reader, for example — that loaded malware through legit-looking requests to update the trojan apps. While undetected, they were screen-scraping, recording keystrokes and stealing passwords.

The real target of this coordinated effort involving the Anatsa, Hydra/Ermac, Alien and GymDrop malware families, among others, was consumer banking apps and data.

In a blog post, ThreatFabric said that bad actors “are focusing on loaders with a reduced malicious footprint in Google Play, considerably increasing the difficulties in detecting them with automation and machine learning techniques. This is one of the core reasons for the significant success of mobile banking threat actors in sneaking into Google’s trusted app store.”

Looking into the evolving strategies and attention to detail behind app-based cyberattacks, ThreatFabric noted that “to make themselves even more difficult to detect, the actors behind these dropper apps only manually activate the installation of the banking trojan on an infected device in case they desire more victims in a specific region of the world. This makes automated detection a much harder strategy to adopt by any organization.”

This incident is the latest in a surge of pandemic-era app fraud that has consumers on edge. “The Passwordless Future: Decoding Consumers’ Device-Based Authentication Preferences,” a PYMNTS and Entersekt collaboration, found that 79% of account holders believe many entities “want access to their personal data, including everything from charitable organizations to credit card-issuing banks to retail merchants and financial services providers they do not use.”

Passwords Are Facing Retirement

Carried out over a period of four months, this latest breach of Android apps is eliciting grave reactions across the spectrum, as it shows a new level of strategy among fraudsters.

As Wired reported, “the malware family responsible for the largest number of infections is known as Anatsa. This ‘rather advanced Android banking trojan’ offers a variety of capabilities, including remote access and automatic transfer systems, which automatically empty victims’ accounts and send the contents to accounts belonging to the malware operators.”

Consumers are placing a higher value on data security than ever before, as are world governments. This new wave of Android-focused banking app crime is concerning because it has been engineered to avoid detection, but people still want those protections in place.

According to the PYMNTS/Entersekt study, “Today’s consumer is not just particular when it comes to user experience, but is also aware of the value of their personal data and wary of circumstances when its misuse might occur — especially given bad actors’ ease of breaching password-based security.”

Passwords have been on the hot seat for some time, with worries accelerating over the course of the pandemic as online fraud and theft grew apace with booming eCommerce.

Consumers’ choice of passwords is under greater scrutiny now, as digital identity and cyberfraud solution providers call on individuals to do their part by using more obscure passwords until biometrics and other technologies can finally retire the password.

In late November, password organizing platform NordPass released its annual Top 200 Most Common Passwords list, which illustrates inherent password weakness. For example, the new list shows that in both the U.S. and the U.K., the most commonly used password is “123456,” followed by “password.”
