New wave of 'banking trojans' targets Australia

The Australian financial sector is in the firing line as a wave of “banking trojans” - clandestine malware created to harvest and siphon banking customer data - targets the rising digital payments sector.

It’s been dubbed “BankBot” - clandestine malware designed to penetrate Russian banks but now updated with fake sign-in pages to mimic a swag of Australian banking apps. It has also been described as a banking Trojan horse that scrapes personal payment and card data via counterfeit payment pages for Google Play.

Recently removed from the Google Play store, BankBot lay dormant inside a harmless-sounding app named Funny Videos 2017, an app potentially downloaded up to 5,000 times, before a security firm out of the Netherlands discovered it and Google removed it from the Google Play Store last week.

Google has, in the past 15 days, pulled two other banking trojans from Google Play after researchers, including the Dutch security firm Securify, alerted the internet giant to the scale of the breach. These “banking trojans” - including another innocuously titled app HappyTimes Videos - have now also targeted a dozen Australian banking brands, as well as brands serving the New Zealand and European markets.
 

Major security flaw

According to Securify, the two newer BankBot-infected apps target over 400 bank apps, including Australian banking and insurance brands: the Australian versions of the ING Direct and Citibank apps, Westpac, Commonwealth Bank of Australia, AMP, ANZ, Macquarie, NAB, Suncorp, St George, Bankwest and the BOQ.

The malware also attempts to steal payment card information by monitoring when users launch popular apps, such as Snapchat, Twitter, and the Play Store. When these apps are launched the malware will display a fake Google Play payment dialogue, requesting payment card details.

Only last week Microsoft plugged an entrance point for another banking trojan that had been exploiting a major security flaw in the universally available Word software.

This malware, the Dridex banking trojan, entered through the Microsoft Office tool and gained access across the user’s computer system.

Even printers are becoming a vulnerability in the newest iteration of cyber-threats, with HP in Sydney this week suggesting any printed data is at its most vulnerable and accessible to “nefarious” bad actors when moving through the system to the printer.
 

Accountants, brokers, financial advisers

According to Angus Woods, managing director, Adviser Ratings, it’s not just banks that are being targeted by the wave of trojans seeking access to Australian banking customers.

“The advice community could be particularly vulnerable to these types of cyber-threats, given the nature of client-adviser correspondence whereby a lot of communication and sign-offs happen via scanned documents.”

Woods told AB+F that in the lead up to super changes and the looming end of the financial year, accountants, brokers and financial advisers need to be particularly vigilant.

“Especially in ensuring all staff are well versed on the range of cyber-risks, as there may be staff within their teams who are not as cyber cautious,” Woods said.

He added that financial advisers need to commit to a higher level of awareness and accountability - ensuring appropriate training protocols, up-to-date software and insurance are in place to guarantee adequate protection.

“Hackers are becoming more scrupulous in targeting clients of advisers, giving them access to the client’s contact lists.”

According to Woods, this can enable bad actors, in one iteration, to achieve a level of sophisticated imitation that can bring down the entire house of cards.

“To look as though they are the client when contacting the adviser,” Woods said.
