Beware Of These 5 Mobile Banking Cyber Attacks in 2022

1. Bazos Attack on 3DSecure

Fraudsters taking advantage of a payment system’s weaknesses are an ongoing issue. In this case, the cybercriminals pretend to pay for goods on the classified ads platform Bazos, when in reality they are stealing money from the platform’s users who were trying to sell items there.

On top of the abuse of the platform itself, there is a problem with the way banks describe transactions to the people who are confirming them. This ambiguous messaging leads to misunderstandings, and ultimately Bazos sellers end up losing money. For example, someone who sees the message “Please confirm the payment of 500 EUR” may assume they are confirming an incoming payment, when in fact they are being tricked into authorising an outgoing payment to a cybercriminal.

2. Mobile Malware on Google Play

Mobile malware on app marketplaces is virtually always present. In various shapes and forms, malicious apps pretend to offer a legitimate service and then push users into installing banking malware.

Recently, a malicious 2FA authenticator app on Google Play made headlines. It is one example of many fraudulent apps masquerading as a legitimate service.

3. Multi Accounting Attacks

In general, multi accounting is the act of purposefully creating or controlling multiple accounts in order to abuse a system. In multi accounting attacks on banking, fraudsters steal victims’ credentials and pair the victims’ accounts to mobile banking apps on the attackers’ own devices. Once an account is paired, they usually max out the pre-approved loans and launder the money out of the bank account. Then they move on to the next victim, rinse, repeat.
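The pattern described above leaves two signals a bank can look for: one device ending up paired to many unrelated accounts, and a loan draw that follows a fresh pairing within hours. The following Python is an added example (not code from the original article or from any bank); the pairing and loan events are constructed sample data, and the thresholds are assumptions to be tuned against real traffic.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: (account_id, device_id, pairing timestamp).
# "dev-77" plays an assumed attacker device paired to three victim accounts
# within one hour; the other devices are ordinary one-account pairings.
PAIRING_EVENTS = [
    ("acc-1001", "dev-11", "2022-03-01T08:00:00"),
    ("acc-2002", "dev-77", "2022-03-01T09:00:00"),
    ("acc-3003", "dev-77", "2022-03-01T09:20:00"),
    ("acc-4004", "dev-77", "2022-03-01T09:45:00"),
    ("acc-5005", "dev-55", "2022-03-02T10:00:00"),
]

# Constructed sample data: (account_id, device_id, timestamp, amount) of
# pre-approved loan draws made from the mobile app.
LOAN_DRAWS = [
    ("acc-2002", "dev-77", "2022-03-01T09:10:00", 5000),
    ("acc-5005", "dev-55", "2022-03-10T10:00:00", 1000),
]


def _parse(ts):
    return datetime.fromisoformat(ts)


def devices_paired_to_many_accounts(events, max_accounts=1, window=timedelta(days=7)):
    """Return {device_id: sorted account ids} for every device that was paired
    to more than `max_accounts` distinct accounts inside any `window`-long span.
    A household sharing one phone can legitimately exceed 1; the threshold is
    an assumption and should be tuned on real pairing data."""
    by_device = defaultdict(list)
    for account, device, ts in events:
        by_device[device].append((_parse(ts), account))

    flagged = {}
    for device, items in by_device.items():
        items.sort()  # oldest pairing first
        for start_ts, _ in items:
            # accounts paired to this device in the window starting at start_ts
            accounts = {acc for ts, acc in items if start_ts <= ts <= start_ts + window}
            if len(accounts) > max_accounts:
                flagged[device] = sorted(accounts)
                break
    return flagged


def loan_draws_shortly_after_pairing(events, draws, grace=timedelta(hours=24)):
    """Return (account, device, amount) for loan draws made within `grace` of the
    moment that device was paired to the account. The article's fraudsters draw
    the loan right after pairing, so a short pairing-to-draw gap is the signal."""
    paired_at = {(acc, dev): _parse(ts) for acc, dev, ts in events}
    risky = []
    for account, device, ts, amount in draws:
        paired = paired_at.get((account, device))
        if paired is not None and timedelta(0) <= _parse(ts) - paired <= grace:
            risky.append((account, device, amount))
    return risky


if __name__ == "__main__":
    print("shared devices:", devices_paired_to_many_accounts(PAIRING_EVENTS))
    print("fresh-pairing loan draws:", loan_draws_shortly_after_pairing(PAIRING_EVENTS, LOAN_DRAWS))
```

Both checks are cheap enough to run at pairing time rather than in a nightly batch, which is when a step-up (a call-centre confirmation, or simply holding the loan draw) still prevents the loss.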

4. Recovery Code Account Hijacking

Banks often design new ways to make mobile banking recovery simple and fully online. One of the methods that we’ve come across was the use of the “recovery codes” that are presented to the user on their first login.

Recovery code account hijacking starts with ordinary phishing, which would be nothing new. The twist is that the attackers pair an app only in order to rewrite the user’s recovery info, and then unpair it again. The bank customer may notice some suspicious activity and check their internet banking (or get in touch with the bank’s call center) to verify that everything is in order. The bank will assure the customer that there are no issues, since no foreign device is paired any more, yet the rewritten recovery codes stay active. The attacker can later use them to silently pair a new mobile banking app and steal the customer’s money.
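The failure mode above is that recovery codes outlive the pairing that created them and are replaced without the customer hearing about it. The Python below is an added example, not the article’s or any bank’s code: it models an assumed recovery-code store in which every code remembers which pairing issued it, issuing new codes is treated as a change of strong customer authentication status that the customer is told about, and unpairing a device revokes the codes that device issued. `simulate()` replays the article’s sequence with and without that binding.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


@dataclass
class RecoveryCode:
    code_hash: str          # only a hash of the code is stored server-side
    issued_by_pairing: str  # the mobile pairing that generated this code
    revoked: bool = False


@dataclass
class Account:
    account_id: str
    pairings: set = field(default_factory=set)        # currently paired mobile apps
    codes: list = field(default_factory=list)         # all codes ever issued
    notifications: list = field(default_factory=list) # messages sent to the customer


def _h(code):
    return hashlib.sha256(code.encode()).hexdigest()


def pair_device(acct, pairing_id):
    acct.pairings.add(pairing_id)
    acct.notifications.append(f"New mobile banking pairing: {pairing_id}")


def issue_recovery_codes(acct, pairing_id, n=3):
    """Issue fresh codes from a paired app. Old codes are revoked and the customer
    is notified, because replacing recovery info changes who can regain access."""
    if pairing_id not in acct.pairings:
        raise PermissionError("only a paired app may manage recovery codes")
    for code in acct.codes:
        code.revoked = True
    plain = [secrets.token_hex(4) for _ in range(n)]
    acct.codes.extend(RecoveryCode(_h(p), pairing_id) for p in plain)
    acct.notifications.append(f"Recovery codes replaced from pairing {pairing_id}")
    return plain


def unpair_device(acct, pairing_id, bind_codes_to_pairing=True):
    """Remove a pairing. With bind_codes_to_pairing=False the codes survive,
    which is the weakness the article describes; with True they are revoked."""
    acct.pairings.discard(pairing_id)
    acct.notifications.append(f"Mobile banking pairing removed: {pairing_id}")
    if bind_codes_to_pairing:
        for code in acct.codes:
            if code.issued_by_pairing == pairing_id:
                code.revoked = True


def active_code_count(acct):
    return sum(1 for code in acct.codes if not code.revoked)


def redeem_recovery_code(acct, plain, new_pairing_id):
    """Pair a new app using a recovery code; each code is single-use."""
    digest = _h(plain)
    for code in acct.codes:
        if not code.revoked and secrets.compare_digest(code.code_hash, digest):
            code.revoked = True
            pair_device(acct, new_pairing_id)
            acct.notifications.append(f"Recovery code used to pair {new_pairing_id}")
            return True
    return False


def simulate(bind_codes_to_pairing):
    """Replay the article's sequence: the victim pairs and gets codes, a phished
    pairing rewrites the codes and is unpaired, and the stolen code is used later.
    Returns (attack_succeeded, account)."""
    acct = Account("acc-demo")
    pair_device(acct, "victim-phone")
    issue_recovery_codes(acct, "victim-phone")
    pair_device(acct, "phisher-phone")  # in the article this pairing comes from phishing
    stolen = issue_recovery_codes(acct, "phisher-phone")
    unpair_device(acct, "phisher-phone", bind_codes_to_pairing)
    return redeem_recovery_code(acct, stolen[0], "phisher-phone-2"), acct


if __name__ == "__main__":
    for bind in (False, True):
        hijacked, acct = simulate(bind)
        print(f"codes bound to pairing={bind}: hijacked={hijacked}")
        print("\n".join("  " + n for n in acct.notifications))
```

Note that even in the weak mode the customer is notified that the recovery codes were replaced, which is the second half of the defence: the call-centre script then has something concrete to check (“were your recovery codes replaced yesterday?”) instead of only whether a foreign device is paired right now.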

5. Repeated Pushes To Annoy Users

This attack’s technique is simple: attackers repeatedly send push approval requests to wear customers down until they eventually approve one. (No one likes to be nagged, even when it comes to applications that hold sensitive data, such as mobile banking apps.)
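The server side can remove most of the nagging pressure by refusing to keep sending approval pushes once a few recent ones have gone unapproved. The Python below is an added example (not the article’s or any vendor’s code) of an assumed per-account guard: it counts unapproved requests in a sliding window, suspends the push channel for a cooldown once the threshold is hit, and raises an alert that is worth routing to fraud monitoring. The event log it replays is constructed.

```python
from collections import deque
from datetime import datetime, timedelta


class PushApprovalGuard:
    """Per-account guard for push approval requests (assumed design)."""

    def __init__(self, max_unapproved=3, window=timedelta(minutes=10),
                 cooldown=timedelta(hours=1)):
        self.max_unapproved = max_unapproved
        self.window = window
        self.cooldown = cooldown
        self.recent = {}           # account -> deque of (timestamp, outcome)
        self.suspended_until = {}  # account -> datetime
        self.alerts = []           # (account, timestamp, reason)

    def request(self, account, ts):
        """Decide whether a new approval push may be sent: 'sent' or 'suppressed'."""
        until = self.suspended_until.get(account)
        if until is not None and ts < until:
            return "suppressed"
        queue = self.recent.setdefault(account, deque())
        while queue and ts - queue[0][0] > self.window:
            queue.popleft()  # forget requests outside the sliding window
        unapproved = sum(1 for _, outcome in queue if outcome != "approved")
        if unapproved >= self.max_unapproved:
            self.suspended_until[account] = ts + self.cooldown
            self.alerts.append((account, ts,
                                "push channel suspended after repeated unapproved requests"))
            return "suppressed"
        queue.append((ts, "pending"))
        return "sent"

    def record_outcome(self, account, ts, outcome):
        """Attach the customer's answer ('approved'/'denied') to the oldest pending push."""
        queue = self.recent.get(account, deque())
        for i, (sent_ts, current) in enumerate(queue):
            if current == "pending":
                queue[i] = (sent_ts, outcome)
                break


# Constructed sample event log: "<timestamp> <account> <request|approved|denied>".
# acc-1 is bombarded and keeps denying; acc-2 is a normal single approval.
SAMPLE_EVENTS = """\
2022-05-01T10:00:00 acc-1 request
2022-05-01T10:00:20 acc-1 denied
2022-05-01T10:01:00 acc-1 request
2022-05-01T10:01:30 acc-1 denied
2022-05-01T10:02:00 acc-1 request
2022-05-01T10:02:10 acc-1 request
2022-05-01T10:03:00 acc-1 request
2022-05-01T10:30:00 acc-2 request
2022-05-01T10:30:05 acc-2 approved
"""


def replay(text, guard=None):
    """Feed log lines through the guard; return (decisions for each request, guard)."""
    guard = guard or PushApprovalGuard()
    decisions = []
    for line in text.splitlines():
        ts_text, account, event = line.split()
        ts = datetime.fromisoformat(ts_text)
        if event == "request":
            decisions.append((ts_text, account, guard.request(account, ts)))
        else:
            guard.record_outcome(account, ts, event)
    return decisions, guard


if __name__ == "__main__":
    decisions, guard = replay(SAMPLE_EVENTS)
    for decision in decisions:
        print(*decision)
    for alert in guard.alerts:
        print("ALERT", *alert)
```

Unanswered pushes count as unapproved on purpose: a customer who ignores the prompts is being worn down just as much as one who taps “deny”, and the attacker only needs one eventual “approve”.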

Key Considerations

When taking each of the aforementioned threats into consideration, here are some general rules of thumb to keep in mind while navigating the modern mobile banking landscape.

1. Get Rid of SMS OTP: Use SMS as an additional security element and information channel, not as a sole possession factor in strong customer authentication.

2. Speak Clearly: In other words, use clear and sufficient product messaging. Whenever the status of strong customer authentication changes, you should inform your customers so that they have a chance to react and reclaim their security.

3. Be Proactive: Don’t rely on security measures by Apple and Google. Instead, use active in-app protection connected to a threat intelligence service to detect problematic situations or instances of malware.

4. Use Design to Your Advantage: In short, dumb design can cause you trouble. Sometimes, a clever technique or minor process adjustment can significantly improve an application’s security while having minimal impact on user comfort.
