Ex-NFL star sentenced to five years in prison for mortgage fraud

Ex-NFL star sentenced to five years in prison for mortgage fraud

Irving Fryar and his mother convicted of conspiring to steal $1.2M

Experian hacked: 15 million people’s credit data stolen in breach

Credit reporting agency becomes latest victim of data breach

Here's what today's job creation implosion means for housing and mortgage finance

Jobs crater, labor participation rate near 40-year low and zero wage growth


new REwired blog header
Opinion, commentary and analysis on everything that makes the U.S. housing economy tick -- not to mention the ghosts in the machine, too. Written by HW's team of editors and reporters each business day.

Source code for Trojan mobile banking app for sale on black market

Malware app can redirect calls, capture audio, texts

February 26, 2014

What device are you reading this blog on…your phone?

While the growing emergence of mortgage and banking technology makes life easier, just two steps behind the new technology is the heightened threat of getting hacked.

According to an article from Computerworld last week by Daniel Cohen, the source code for an Android mobile banking Trojan application was released on an underground forum, breaking down the door for a large number of cyber attacks.  

The malware app in question, referred to as iBanking, became available to the underground market late last year for $5,000.

The source code is the main foundation for many banking applications, unlocking a highly secure door to borrowers’ bank account and personal information. The app is a response to security measures put in place by banks that work by sending unique one-time-use codes to their customers' registered phone numbers. 

In addition to capturing text messages, the app can also redirect users' calls and hack the phone's microphone to capture audio. It can also steal phone contacts and other sensitive information.

Scared yet?

If this wasn't reason enough to be concerned, the article noted that the app can be customized to masquerade as a security app or an app created by a targeted financial institution. Plus, during installation it asks for administrative rights, which can make it harder to remove at a later time.

As the mortgage industry seeks to convert more functions to mobile platforms, the threat of these kinds of hacks becomes even more ominous.