How far can lenders push the credit box?

How far can lenders push the credit box?

Watt announcement helps, but risk keeps standards tight

Warren calls for GAO investigation of nonbank servicers

Asks GAO to review “unprecedented” growth of nonbank servicers

Freddie Mac CEO: We will help increase mortgage lending

Competition among two is still competition
W S

REwired

new REwired blog header
Opinion, commentary and analysis on everything that makes the U.S. housing economy tick -- not to mention the ghosts in the machine, too. Written by HW's team of editors and reporters each business day.
Lending

Source code for Trojan mobile banking app for sale on black market

Malware app can redirect calls, capture audio, texts

February 26, 2014
/ Print / Reprints /
| Share More
/ Text Size+

What device are you reading this blog on…your phone?

While the growing emergence of mortgage and banking technology makes life easier, just two steps behind the new technology is the heightened threat of getting hacked.

According to an article from Computerworld last week by Daniel Cohen, the source code for an Android mobile banking Trojan application was released on an underground forum, breaking down the door for a large number of cyber attacks.  

The malware app in question, referred to as iBanking, became available to the underground market late last year for $5,000.

The source code is the main foundation for many banking applications, unlocking a highly secure door to borrowers’ bank account and personal information. The app is a response to security measures put in place by banks that work by sending unique one-time-use codes to their customers' registered phone numbers. 

In addition to capturing text messages, the app can also redirect users' calls and hack the phone's microphone to capture audio. It can also steal phone contacts and other sensitive information.

Scared yet?

If this wasn't reason enough to be concerned, the article noted that the app can be customized to masquerade as a security app or an app created by a targeted financial institution. Plus, during installation it asks for administrative rights, which can make it harder to remove at a later time.

As the mortgage industry seeks to convert more functions to mobile platforms, the threat of these kinds of hacks becomes even more ominous.