Mobile banking malware growing rapidly, ThreatFabric warns


Online payment fraud prevention provider ThreatFabric has shared research on the return of the Anatsa banking trojan, which is expanding its reach in Europe. It also shared a post explaining how its Fraud Kill Chain can find gaps in mobile malware detection.

Anatsa banking trojan returns in Europe

ThreatFabric has been monitoring the Anatsa campaign since its Mobile Threat Intelligence team detected the banking trojan's reappearance in November 2023. Over four months, it saw five different waves of the campaign, each targeting a different region. It shared its findings in a blog post.

The trojan, which is one of the most prolific, has expanded into Slovakia, Slovenia, and Czechia after formerly targeting the UK, Germany, and Spain.

The campaign promotes dropper applications on Google Play in the targeted regions. The droppers often rank high in popularity, which increases their credibility. Some droppers exploit the AccessibilityService.

All droppers download configuration and malicious executable files from their C2 server, allowing bad actors to make modifications as needed. They have the capacity to bypass restricted settings for AccessibilityService in Android 13.

One supposed cleaner app found in November claimed to require AccessibilityService. Initially, the app had no malicious code, but an update introduced it. The update altered the AccessibilityService functionality so that the app could execute actions such as automatically clicking buttons once it received a configuration from the C2 server.

For one phase, the attackers tailored the malicious code specifically to the UI elements of Samsung devices. Future adaptations may target other manufacturers.

The five droppers monitored in this report had over 100,000 installations over the course of four months.

Individuals can protect themselves by being cautious about which apps they download and by questioning whether an app really needs AccessibilityService enabled to conduct its operations.
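One way to check which apps currently hold an enabled AccessibilityService on a device, as an added example that is not part of the ThreatFabric research or the original article: the script parses the colon-separated component list returned by `adb shell settings get secure enabled_accessibility_services` and lists every service whose package is not on an allowlist. The sample output, the `com.example.*` package names and the allowlist are constructed for illustration.

```python
# Added example: audit which packages hold an enabled AccessibilityService.
# Input is the text returned by
#   adb shell settings get secure enabled_accessibility_services
# which is a colon-separated list of "package/class" component names.

# Constructed sample output; the com.example.* packages are made up.
SAMPLE = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.phonecleaner/com.example.phonecleaner.core.CleanService:"
    "com.example.pdfreader/.HelperService"
)

# Hypothetical allowlist: packages expected to use accessibility features.
ALLOWED_PACKAGES = {"com.google.android.marvin.talkback"}


def parse_enabled_services(raw):
    """Return a list of (package, fully_qualified_class) tuples."""
    raw = (raw or "").strip()
    if raw in ("", "null"):          # setting is unset or empty
        return []
    services = []
    for entry in raw.split(":"):
        entry = entry.strip()
        if "/" not in entry:
            continue                 # skip malformed entries
        package, cls = entry.split("/", 1)
        if cls.startswith("."):      # short form is relative to the package
            cls = package + cls
        if (package, cls) not in services:
            services.append((package, cls))
    return services


def unexpected_services(raw, allowed=ALLOWED_PACKAGES):
    """Services whose owning package is not on the allowlist."""
    return [s for s in parse_enabled_services(raw) if s[0] not in allowed]


if __name__ == "__main__":
    for package, cls in unexpected_services(SAMPLE):
        print(f"review: {package} has accessibility service {cls} enabled")
```

A cleaner or PDF-reader style app appearing in this list is the situation the paragraph above warns about, and is worth reviewing before the permission is left enabled.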

Fraud Kill Chain can identify gaps in mobile detection

The Fraud Kill Chain can find detection opportunities and gaps to combat mobile banking malware. ThreatFabric highlighted the most commonly found gaps in detection in a recent post.

The number of banking malware families has steadily been on the rise for years. In 2023, ThreatFabric found 75 families, 26 of which had device takeover capabilities. Most were delivered through official app stores.

Attackers use a wide variety of tactics, techniques and procedures, giving a wide range of opportunities for detection, but such detection requires sensors and processes in digital channels.

ThreatFabric’s research found three major gaps in detection. There is a major detection gap in mobile channels in particular. There is also a lack of visibility into the user journey. The third most common gap is visibility on device risk.

Anti-fraud teams should address these gaps by checking detection processes for mobile visibility, user session visibility, and device risk visibility. Using Fraud Kill Chain mapping can help teams identify issues in their attack chain. They should consider adding detection technology to mitigate any gaps they find and stay up to date with evolving mobile threats.

Earlier this year, ThreatFabric was recognized by Gartner as a Sample Vendor for Cyberfraud Fusion in its Emerging Tech Impact Radar: Security report. ThreatFabric CEO Han Sahin noted the importance of behavioral biometrics, recently added to its anti-fraud technology suite, in the company announcement of the recognition.

ThreatFabric raised €11.5 million in seed funding last year to expand its behavioral biometrics and fraud protection capabilities.
