Mobile Malware Research Team of McAfee reported they detected malware that targets Mexico and mimics a banking security tool or bank application for reporting an out-of-service ATM. In both cases, the malware takes advantage of the sense of urgency due to the COVID-19 pandemic to persuade targets to use them.
This malware and its variants, currently identified by McCaffee as Android/Banker.BT, hijack a set of authentication keys from victims to access their accounts and steal sensitive information.
The malware is distributed through a phishing page that claims to provide banking security tips. It then asks victims to download or install apps that can report unauthorized transactions.
Criminals can also approach the victims directly via phone calls, which happens quite often in Latin America.
However, this fake app has not been seen on Google Play.
During the epidemic, banks experimented with innovative means of interacting with their customers who started using online financial services more often. The rise of digital banking and the associated changes in how banks interact with their customers caused many cyber-criminals to carry out phishing and other fraudulent activities.
Here are some crucial tips to get protected against this and other similar threats:
- Install security software on your mobile devices.
- Consider downloading and installing suspicious applications with caution, especially if they ask for SMS or Notification listener privileges.
- Over SMS message authentication, leverage token-based second authentication factor applications (hardware or software).
- Use official app stores, but don’t put your complete faith in them because malware may be spread through them as well. Check for permissions, read reviews, and look for developer information if it’s accessible.