According to a recent report by Kaspersky, the number of mobile financial attacks it detected in the first half of the year rose by 107%, rising to 3,730,378. Analysts at the company said they discovered 3.7 million mobile financial attacks from January to June this year and found 438,709 unique users attacked by mobile Trojan bankers.
In the first half of 2019, attackers actively used the names of the largest financial services and banking organisations to attack mobile platform users. Researchers found 438,709 unique users attacked by mobile Trojan bankers. For comparison, in the first half of 2018, the number of attacked users was 569,057, a decrease of 23 per cent
Findings by Kaspersky showed the activity of a bank Trojan called Asacub banker, which attacked an average of 40,000 people per day, peaked rapidly in the second half of 2018 and reduced in half year 2019. The number of attacked users and detected attacks peaked rapidly in the second half of 2018; 1,333,410 users were attacked and there were 10,256,935 attacks.
The cybersecurity firm identified another malware, Anubis Trojan, which intercept data for access to services of large financial organisations and two-factor authentication data in order to extort money from users. The firm described the banking Trojan as one that spreads via instant e-messaging apps such as WhatsApp and sends a link to the victim’s contact list.
Lisa Baergen, director at NuData Security, a Mastercard company comments:
“Mobile banking fraud is easy to miss for consumers as Trojans are well hidden inside other legitimate-seeming applications or attachments. Once inside the customer’s phone, they can roam free to steal banking information or account assets.
With this increase on attacks through banking Trojans, it is hard for financial institutions to know if a legitimate user is making a transaction or someone else is hijacking the account. To avoid this growing type fraud many companies are including security layers that can see beyond credentials and passwords: passive biometrics.
Adding passive biometrics technology, banks are able to detect unusual behavior within an account, even if the right device is used. By having this visibility into the user’s behavior, banks can block or authenticate a user further when they detect unusual activity, thwarting account hijacking.
Building a holistic risk-based authentication infrastructure for user verification is proving effective in thwarting bad actors armed with stolen credentials or executing account hijacking. Many companies are now combining different layers of identification such as device, connection, and passive biometrics to power a dynamic and intelligent authentication system. This multi-layered security ensures a frictionless experience for customers while seamlessly eliminating fraudulent transactions.”