www.americanbanker.com
143.204.98.91  Public Scan

Submitted URL: https://info.appdome.com/e3t/Btc/ZN+113/c24Km04/VX8v6R2BfgJvW2G4-1t8RzHQXW7Y8zfc4zWrjzN7TcW1h5nCTJV3Zsc37CgWDPVfkRxC1lrQt...
Effective URL: https://www.americanbanker.com/payments/opinion/new-bot-malware-leaves-financial-apps-dangerously-exposed?utm_campaign=2021%20N...
Submission: On March 17 via api from SG — Scanned from DE

Form analysis 2 forms found in the DOM

https://www.americanbanker.com/search#nt=navsearch

<form class="Page-header-search-form" action="https://www.americanbanker.com/search#nt=navsearch" novalidate="" autocomplete="off">
  <label>
    <input placeholder="Find your interests" type="text" class="Page-header-search-input" name="q" required="true">
    <span class="sr-only">Search Query</span>
    <button type="submit" class="Page-header-search-submit">
      <svg>
        <use xlink:href="#icon-magnify"></use>
      </svg>
      <span class="sr-only">Submit Search</span>
    </button>
  </label>
</form>

<form action="" onsubmit="LO.submit_chat(); return false;">
  <div id="lo_chat_input" style="position:relative; width: 100%; ">
    <div class="lo-fx-hr" style="height:0px; margin-bottom:0px; margin-top:0px; width:100%; border-top:1px solid #000000;border-bottom:1px solid #4f4f4f"></div>
    <div style="padding:10px;"><label for="lo_chat_textarea" style="display:none">Chat Input Box</label><textarea id="lo_chat_textarea" disabled="disabled" rows="2"
        style="color: black; background-color: rgb(255, 255, 255); border-radius: 5px; padding: 7px; height: auto; width: 100%; font-family: sans-serif; text-transform: none; resize: none;" dir="null" data-last-scroll-height="0"></textarea></div>
    <div id="lo_chat_sound_holder" style="position:absolute; right:0px; top:-25px; width:100%;">
      <div style="cursor: pointer; float:right; opacity:0.6; padding-right:10px; height:16px;" id="lo_chat_sound"><img alt="Click to mute chat sounds" src="https://d10lpsik1i8c69.cloudfront.net/graphics/sound-on-white.png"></div>
      <div id="lo_chat_status" style="padding-left:10px; font-size:11px; color:#6d6d6d"></div>
      <div style="clear:both;"></div>
    </div>
  </div>
</form>

Text Content

© 2022 Arizent. All rights reserved.




TAGS

Payment fraud Malware
BankThink


NEW BOT MALWARE LEAVES FINANCIAL APPS DANGEROUSLY EXPOSED

By Tom Tovar, August 04, 2020, 12:01 a.m. EDT. 2 Min Read

In June, the FBI issued a warning about the safety of mobile banking apps,
particularly highlighting the danger of trojans designed to capture passwords,
steal financial information and take over accounts.

The EventBot trojan, for example, which appeared in April, masquerades as an
Adobe or Microsoft Word app for Android, but its true purpose is to steal
information from unprotected financial apps on the device.

EventBot is a particularly frightening development for mobile banking for three
reasons. First, it hides in an altered version of an app that seems legitimate.
Second, it currently focuses on stealing unprotected information in banking,
wallet, payment and cryptocurrency mobile apps.



The malware is even able to intercept SMS messages so it can steal two-factor
authentication codes along with user credentials and passwords. Finally, the
malware is evolving quickly, as it appears a team with an entrepreneurial
strategy is behind it. As security measures catch up to EventBot, that team
seems ready to find new vulnerabilities to exploit.



The risk, though, goes far beyond trojans like EventBot. Banking apps are
dangerously insecure, and cybercriminals have taken notice, especially since the
pandemic has increasingly pushed consumers to bank using mobile apps.

Forbes, for example, reports a 35%-80% increase in mobile banking as a result of
COVID-19. And mobile app development, in general, is nowhere near where it needs
to be in terms of security. According to the Verizon Mobile Security Index 2020,
43% of organizations said they knowingly cut corners on mobile security in 2019
to “get the job done.”

There are many vulnerabilities that are prevalent in banking apps, but the most
common are:



Unencrypted dynamic data. These strings communicate with the bank’s back-end
servers and include vital information that cybercriminals can use to compromise
it.

Security certificates stored in the clear. If the security certificate is
exposed, hackers can decrypt all communications between the customer and bank.
It makes it simple to perpetrate a man-in-the-middle attack.

Insecure APIs. Trend Micro found 50 major financial institutions plus scads of
fintech startups using APIs with serious security flaws. Insecure APIs can
expose secrets and enable hackers to compromise apps and servers.

Mods and Fake Apps. Many apps do not obfuscate their code or protect their
binaries against debuggers, which enable hackers to understand the inner
workings of the app to create Trojans or fake apps like EventBot.

It doesn’t have to be this way. Implementing security manually into banking apps
is expensive and time-consuming, and that assumes development teams manage to
hire and hold on to increasingly scarce Android and iOS security talent. There
are more efficient alternatives, such as integrating security software
development kits (SDKs) into apps or taking advantage of AI-powered no-code
platforms that can secure apps in minutes with just the binary.

In any case, mobile banking app security must be a top priority for developers.
Because if consumers come to believe they cannot trust their institution’s app,
they will likely leave to find one they can.

Tom Tovar
CEO, Appdome
Payment fraud Malware Security risk Payment processing Mobile payments