Avast: Consumers at Risk of Financial Loss as Mobile Banking Trojans Threaten to Spread Confusion Worldwide

Fake mobile banking app interfaces mimic major blue chip bank apps; more than one in three consumers fooled by fraudulent versions

BARCELONA, Spain & REDWOOD CITY, Calif.--()--Consumers around the world that use mobile banking apps are at a greater risk of being tricked by cybercriminals and falling victim to mobile banking theft. This is according to new global research from Avast, the leader in digital security products, which asked almost 40,000 consumers in Spain and eleven other countries around the world to compare the authenticity of official and counterfeit banking application interfaces.

Globally, 58% of respondents identified the official mobile banking app interface as fraudulent while 36% mistook the fake interface for the real one. In Spain, the results were similar at 67% and 27% respectively, compared to 40% and 42% in the U.S. The findings highlight the level of sophistication and accuracy applied by cybercriminals to create trusted copies designed to spy on users, collect their bank login details, and steal their money.

Avast has detected a number of mobile banking Trojans in recent months - a privacy and security threat that is on the rise. The banks targeted by cybercriminals and under the microscope in the survey include Citibank, Wells Fargo, Santander, HSBC, ING, Chase, Bank of Scotland and Sberbank. Despite having strict security measures and safeguards in place, the large customer bases of each bank make them attractive targets for cybercriminals to develop fake apps that can mimic their official apps.

In November last year, Avast’s Threat Labs Mobile team discovered a new strain of the BankBot Trojan in Google Play targeting consumers’ bank login details. Avast analyzed the threat in collaboration with ESET and SfyLabs. This latest variant was concealed in supposedly trustworthy flashlight and Solitaire apps. Once downloaded, the malware would initiate and target the apps of large blue chip banks. If a user opened the banking application, the malware would create a fake overlay on top of the genuine app with the goal of collecting the customer’s banking details and sending them on to the attacker.

“We are seeing a steady increase in the number of malicious applications for Android devices that are able to bypass security checks on popular app stores and make their way onto consumers’ phones. Often, they pose as gaming and lifestyle apps and use social engineering tactics to trick users into downloading them”, said Gagan Singh, Senior Vice President and General Manager of Mobile at Avast.

“More often than not, consumers can rely on trusted app stores like Google Play and Apple’s App Store to download applications, but extra vigilance is also advised. It’s important to confirm that the banking app you are using is the verified version. If the interface looks unfamiliar or out of place, double-check with the bank’s customer service team. Also use two-factor authentication if it’s available and make sure you have a strong antivirus for Android installed to detect and protect you from money-grabbing malware.”

The survey also found that consumers across the globe are more concerned about having money stolen from their checking accounts than losing a wallet or purse or having their social media accounts hacked and their personal messages read. Globally, 72% of respondents voiced financial loss as their primary concern. In Spain, 85% of consumers said the same and 71% in the U.S.

Roughly two in five (43%) survey respondents worldwide said they use mobile banking apps. In both Spain and the U.S., almost half (46%) said they were active users. Of the respondents that don’t bank via smartphone or tablet, almost one third (30%) pointed to a lack of security as the leading concern. This concern was shared by 21% of the respondents in Spain and 36% in the U.S.

The online survey was carried out in 12 countries, including the U.S., UK, France, Germany, Russia, Japan, Mexico, Argentina, Indonesia, Czech Republic, Brazil, and Spain. A total of 39,091 respondents took part.

Avast will be showcasing its mobile security solutions at its booth at Mobile World Congress in hall 7, stand 7C60.

Media: Gagan Singh, SVP and general manager of Mobile at Avast, and Nikolaos Chrysaidos, Head of Mobile Threat Intelligence & Security, are available for briefings about mobile security at Avast’s booth.

About Avast:

Avast (www.avast.com), the global leader in digital security products, protects over 400 million people online. Avast offers products under the Avast and AVG brands that protect people from threats on the internet and the evolving IoT threat landscape. The company’s threat detection network is among the most advanced in the world, using machine learning and artificial intelligence technologies to detect and stop threats in real time. Avast digital security products for Mobile, PC or Mac are top-ranked and certified by VB100, AV-Comparatives, AV-Test, OPSWAT, ICSA Labs, West Coast Labs and others. Avast is backed by leading global private equity firms CVC Capital Partners and Summit Partners.

Contacts

Avast
Marina Ziegler, +49 176 10214771
ziegler@avast.com
or
Jen Bennett, 415-596-6770
jennifer.bennett@avast.com

Contacts

Avast
Marina Ziegler, +49 176 10214771
ziegler@avast.com
or
Jen Bennett, 415-596-6770
jennifer.bennett@avast.com