Wednesday, August 22, 2012

Man-in-the-Mobile Attacks Target the Bank Accounts of Android Users

Android users in Portugal, Spain, the Netherlands, and Germany have been plagued by man-in-the-mobile (MITMO) attacks which enable cybercriminals to gain access to victims' banking data and make fraudulent transfers.

Image source: Photozou / CC BY 2.1
Powered by malwares such as Tatanga and SpyEye (SPITMO), these attacks start off as web injections via Windows users' PCs and come under the guise of notices from the victims' financial institutions instructing them to install a security application onto their mobile phones. If installed onto a device that runs on Google's operating system, the app gives the attacker access to all SMS traffic, including banking transaction authorization codes.

With Android devices accounting for most of the smartphone market in these countries, the Android platform is the obvious target and you must ask how many of your CU's members are also Android users. On the upside, there are preventative technologies out there, such as Guardtime's keyless data integrity validation service which shows when a MITMO attack has occurred and can help your CU intercept the attacker.

Learn more about how to spot these attacks.

No comments: