
Can the new iBanking Android malware be stopped?

The iBanking malware has evolved to target Android devices. Enterprise threats expert Nick Lewis offers pointers on how to detect this malware on Android as well as prevent the threat.

According to reports, the iBanking malware package has become extremely advanced and offers multiple features to attack Android devices. Does this mark an escalation in the mobile malware threat landscape and, more importantly, since most Android devices don't have client antimalware, is there any reliable way to detect and prevent infection?

The iBanking malware advancements are part of the normal cycle of the malware ecosystem. To avoid detection by security measures and remain a threat, malware must change; adding new features helps criminals achieve this. And when one attacker group gets new functionality in its malware that improves its attack success rate, other groups will want that functionality incorporated into their malware.

The latest version of the iBanking malware, known as Android.iBanking, adds sophisticated new methods to defeat the out-of-band security measures used by banks and their customers, including SMS messages, which many enterprises have also adopted as part of their two-factor authentication.

To fool its targets, the iBanking malware masquerades as security software in the hope that an end user will accidentally install it, thinking they are protecting their system.

Detecting malware on an Android device is similar to detecting malware on Windows or Macs. Users can do this by installing an antimalware application onto their smartphone to have it check for malware, checking sent text messages to see if any unknown ones might have been sent by malware, or by investigating when the device behaves erratically to identify the root cause.

Preventing users from falling victim to malware schemes such as iBanking first requires them to make sophisticated decisions around what type of software is installed on their mobile devices. Enterprise security awareness training should emphasize installing only trusted apps; however, it is often difficult to identify if an app is trusted. Users could download only apps from trusted app stores or, to determine if an app is legitimate, check other users' reviews in an app store, look at the number of times the app has been downloaded, read reviews on the Internet, or take recommendations from friends and colleagues.

Enterprises can protect employee mobile devices by running their own enterprise app store and vetting the apps published in it. Additionally, end users should always report suspicious pop-ups asking them to install security software or any new programs. A mobile device management tool should also be installed prior to production use to prevent malware from infecting the device. Alternatively, command-and-control functionality over the Internet can be detected and blocked by monitoring the network.


This was last published in November 2014
