intended functionality of the app, but rather can be used to eavesdrop on other apps which are running concurrently to collect data about the consumer. The rationale is that the collected information can be used for data analytics to help with targeted mobile advertising.

However, this has given cyber criminals a rather large attack vector to commit ID fraud by using malware that looks like trustworthy apps to steal PII and financial transaction data from mobile banking apps, or your credit card information from your retail apps, which reside on the same mobile device. This type of malware, disguised as "trusted" apps, has hundreds of millions of downloads from the major app stores.

Worse yet, this new form of malware is undetected by anti-virus and able to circumvent encryption, biometrics, tokenization, sandboxes and authentication. The result is that using mobile banking apps to conduct transactions is similar to using an ATM to withdraw cash in a dangerous area with criminals lurking around, or handing your credit card to a stranger, in public, who is using the old-fashioned carbon copy credit card imprinter to take your order.

Another popular technique for cyber criminals is spear-phishing attacks, which take the form of email and text messages that appear to be from an official source or someone you know, usually garnered via a social networking site.

These messages can then install monitoring software covertly on the mobile device. Monitoring software can access most mobile device activity and resources, thereby stealing consumer data just like the malware downloaded from an app store.

(Sources: http://www.snoopwall.com/wp-content/uploads/2014/12/2015-Year-of-The-Rat-by-Gary-S-Miliefsky-SnoopWall_downloadPDF.pdf and http://www.snoopwall.com/wp-content/uploads/2015/01/SnoopWall-Supplement-to-Year-of-the-RAT-Threat-Report-Email-Spear-Phishing-and-Email-Tracking-Attacks-Defenses-20151.pdf)

Most consumers are completely unaware of these types of threats, and even when they are, they don't take actions to protect their security and privacy until it is too late. On the other hand, financial institutions carry the liability associated with the fraud which results from data stolen from mobile banking and retail apps.

In a US landscape where almost a billion PII records have been compromised and there is identity fraud totaling $24.7 billion in losses, according to statistics from Privacyrights.org and the Department of Justice, greater safeguards are needed to protect consumers' financial data.
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 3