Source code for Trojan mobile banking app for sale on black market
Malware app can redirect calls, capture audio, texts
What device are you reading this blog on…your phone?
While the growing emergence of mortgage and banking technology makes life easier, just two steps behind the new technology is the heightened threat of getting hacked.
According to an article from Computerworld last week by Daniel Cohen, the source code for an Android mobile banking Trojan application was released on an underground forum, breaking down the door for a large number of cyber attacks.
The malware app in question, referred to as iBanking, became available to the underground market late last year for $5,000.
The source code is the main foundation for many banking applications, unlocking a highly secure door to borrowers’ bank account and personal information. The app is a response to security measures put in place by banks that work by sending unique one-time-use codes to their customers' registered phone numbers.
In addition to capturing text messages, the app can also redirect users' calls and hack the phone's microphone to capture audio. It can also steal phone contacts and other sensitive information.
If this wasn't reason enough to be concerned, the article noted that the app can be customized to masquerade as a security app or an app created by a targeted financial institution. Plus, during installation it asks for administrative rights, which can make it harder to remove at a later time.
As the mortgage industry seeks to convert more functions to mobile platforms, the threat of these kinds of hacks becomes even more ominous.