alphaspirit - Fotolia
According to reports, the iBanking malware package has become extremely advanced and offers multiple features to attack Android devices. Does this mark an escalation in the mobile malware threat landscape and, more importantly, since most Android devices don't have client antimalware, is there any reliable way to detect and prevent infection?
The iBanking malware advancements are part of the normal cycle of the malware ecosystem. To avoid detection by security measures and remain a threat, malware must change; adding new features helps criminals achieve this. And when one attacker group gets new functionality in its malware that improves its attack success rate, other groups will want that functionality incorporated into their malware.
The latest version of iBanking malware, known as Android.iBanking, adds new sophisticated methods to defeat out-of-band security measures used by banks and their customers, including SMS messages, and which many enterprises have also adopted as part of their two-factor authentication.
To fool its targets, the iBanking malware masquerades as security software in hopes that an end user might accidently install it thinking they are actually protecting their system.
Detecting malware on an Android device is similar to detecting malware on Windows or Macs. Users can do this by installing an antimalware application onto their smartphone to have it check for malware, checking sent text messages to see if any unknown ones might have been sent by malware, or by investigating when the device behaves erratically to identify the root cause.
Preventing users from falling victim to malware schemes such as iBanking first requires them to make sophisticated decisions around what type of software is installed on their mobile devices. Enterprise security awareness training should emphasize installing only trusted apps; however, it is often difficult to identify if an app is trusted. Users could download only apps from trusted app stores or, to determine if an app is legitimate, check other users' reviews in an app store, look at the number of times the app has been downloaded, read reviews on the Internet, or take recommendations from friends and colleagues.
Enterprises can protect employee mobile devices by running their own enterprise app store and vetting the apps published in it. Additionally, end users should always report suspicious pop-ups asking the user to install security software or any new programs. A mobile device management tool should also be installed prior to production use to prevent malware from infecting the device. Alternately, command-and-control functionality over the Internet can be detected and blocked by monitoring the network.
Ask the Expert!
Want to ask Nick Lewis a question about enterprise threats? Submit your question now via email! (All questions are anonymous.)
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Sophos researchers believe the SamSam ransomware campaign could be the work of one or a few threat actors using manual techniques. Learn how it works... Continue Reading
The hacking group Magecart was recently found to have run a card skimming campaign that put customer information at risk. Learn how this attack ... Continue Reading
A new version of GandCrab was discovered by researchers in July 2018 and involves the use of legacy systems. Learn how this version differs and who ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.