From this year, hackers began to use new viruses that can enter the bank’s application on a mobile device and withdraw money from the victim’s account. Two Russian banks have already reported on this type of fraud.
Hackers use a new type of attack for the Android operating system. Fraudsters disguise viruses as applications or distribute them as links. After downloading and installing such a file, the virus begins to perform its functions without the user’s knowledge. The programs are able to automatically transfer money from the victim’s account to cybercriminals through the available mobile banking application.
Group-IB specialists first discovered such an attack in the spring of 2019. Then the new mobile Trojan Gustuff was modified, which appeared in December 2018 and created by a Russian-speaking hacker. This type of virus, experts noted, threatened only 100 foreign banks.
A new type of Trojan attacked at least two Russian banks in 2019 – Moscow Credit Bank and Post Bank. Representatives of the first noted that there are few cases of theft. The second confirmed one-time problems and talked about preventing fraud.
“From July 2018 to June 2019, hackers were able to steal 110 million rubles (1,7 million $) with the help of Trojans for Android,” reported Group-IB.
However, compared to the same period last year, the indicator fell by 43%. It is reported that now hackers have mainly switched to the international market and only in rare cases continue to modify the application to attack the Russians.
According to the representative of Group-IB, the activity of Trojans in Russia decreased after the detention of the owners of the largest Android botnets, as a result of which hackers switched to the international market.
“However, some attackers modify applications and sell Trojans for subsequent attacks on users in Russia. This is a rare practice.”
Earlier, the head of the Computer Security Association, Roman Romachev, said that data leaks will continue until banks become responsible for this.