

Mobile cyberattacks: The different facets of smartphone malware


By Gemma Staite, Threat Analytics Lead, BioCatch

The number of mobile apps is increasing rapidly, as are the security risks. The TeaBot Remote Access Trojan (RAT), which emerged at the beginning of 2021 and was designed to steal victims’ credentials and SMS messages, remains rife. Behavioural biometrics is the key to overcoming the challenge of advances in mobile malware.

In the last decade, the use of mobile devices has increased exponentially. There are now approximately 5.3 billion unique mobile phone users worldwide, with more than 90% of them used to access the internet. Around 40 apps are installed on each mobile device, with the total number of apps downloaded expected to exceed 250 billion by the end of the year.

As the number of mobile devices and apps grows, so too does the spread of cyber-attacks, with criminals becoming increasingly focused on banking apps. The methods of mobile infiltration have become increasingly diverse and complex, and can be upgraded over time; the TeaBot Trojan RAT is no different. The now global TeaBot has infiltrated banks, cryptocurrency exchanges and digital insurance providers, causing damage everywhere it’s found. Behavioural biometrics, however, provides the key to minimising its risk.

Social Engineering on Mobile

For the most part, attacks start with sophisticated social engineering to get the user to download the malware onto his or her end device. These Trojans often come in the form of phishing emails, text messages or fake apps.

The Trojan then installs itself and enables the hacker to collect information as well as load further malware. Remote access tools (RAT), for example, enable the criminal to gain administrative access to the device and intercept banking app credentials or even one-time passcodes.

According to our research, 1 in 24 fraud cases involved a RAT attack. HTML overlay attacks are also used to obtain critical data. In most situations, those who use a banking app on their smartphone are unaware of such actions.

TeaBot: An Attacker’s Chronicle

Malware detection traditionally depended on conventional antivirus technologies that search for the names of suspicious files and regularly check apps and their hashes for malware. These strategies, however, have continually hit their limits in recent years. This is because, in order to avoid detection by antivirus software, hackers create malware with a constantly changing file name.

Last year, the TeaBot malware, also known as Anatsa in Germany, made headlines. The developers of the malicious code try to trick their victim into downloading the malware by disguising it as a supposedly harmless app. TeaBot is equipped with RAT functions and is available in several languages. The banking Trojan is spread via malicious apps outside the Play Store, under names such as VLC MediaPlayer, UPS, and DHL. To spread the malware en masse, the hackers use so-called smishing attacks: the victim receives an SMS with a link to the app and uses it to download the Trojan. Another method of distribution is fake pop-ups through which TeaBot is downloaded and installed; it implements itself as an Android service and runs in the background. This allows it to nestle permanently in the end device without being detected. After downloading, it acquires broad permissions and instantly begins scanning the applications installed on the device.

The TeaBot Trojan effectively takes over the user’s mobile device by remotely controlling the victim’s smartphone. It has the capability to read SMS messages and forward them to the command-and-control server to bypass OTP (one-time password) precautions. It obtains access authorisations to approve notifications, has logging functions, can disable Google Play Protect and initiates overlay attacks. TeaBot does this by loading a specially crafted login page for the target application from the command-and-control server. The phishing page is placed over the banking app. Here, the user’s credentials are collected using keylogging and forwarded to the command-and-control server controlled by the hacker.

TeaBot mainly targets banking and cryptocurrency apps, but the malware also collects information from other installed apps. It is practically impossible for those affected to delete it. And it can cause a lot of financial damage if a criminal gains access to the login and account data and can use them to make transfers.

Behavioural Biometrics: Detecting Mobile Malware

One way to detect TeaBot is to use solutions based on behavioural biometrics. With the help of this technology, banks are able to identify whether it is a real user operating the device or whether the device is being controlled by the malware remotely via RAT. One example of how the malware behaves differently from a genuine user is the navigation speed. Fraudsters controlling the device are very familiar with the payment process and execute payments quickly to avoid being detected by the victim.

Technologies based on behavioural biometrics match the user’s behaviour with previous customer sessions to determine consistency and intent. The way a user holds their mobile device is another indicating factor: in fraudulent sessions, the device may rest on the table for the entire session, while a real user moves around with their smartphone. Touch and swipe patterns can also be analysed and matched. In the case of a RAT attack, no touch areas are usually visible, which indicates that the terminal is being controlled remotely. If swipe movements on the display are detected at a different location than in previous sessions, this indicates that the real user had no control over the device during the session.

An alert is delivered to the bank’s security experts if the technology identifies a number of fraudulent elements in combination based on behavioural biometrics. With behavioural biometrics and machine learning, financial institutions can thus intervene preventively in a fraud attempt before the customer suffers any financial damage.
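The combination logic described above, sketched as an added example (it is not BioCatch's implementation or code from the article): each indicator from the text is checked against the customer's previous sessions, and an alert is raised only when several fire together. The field names, thresholds and sample sessions are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class Session:                  # hypothetical telemetry record, not a vendor schema
    payment_seconds: float      # time from login to payment submission
    motion_variance: float      # accelerometer variance over the session
    touch_area_events: int      # input events that reported a finger contact area
    swipe_start_x: float        # mean normalised x position where swipes begin

def zscore(value, history):
    """Distance of `value` from the customer's own baseline, in std deviations."""
    mu, sigma = mean(history), pstdev(history)
    return 0.0 if sigma == 0 else (value - mu) / sigma

def risk_signals(current, previous):
    """Names of the article's indicators that fire for `current`."""
    signals = []
    # Navigation speed: payment finished far faster than this customer's norm.
    if zscore(current.payment_seconds, [s.payment_seconds for s in previous]) < -2.0:
        signals.append("fast_navigation")
    # Device resting on a table: almost no motion compared with past sessions.
    if current.motion_variance < 0.1 * mean(s.motion_variance for s in previous):
        signals.append("device_stationary")
    # Remote control: input arrives without any touch contact area.
    if current.touch_area_events == 0:
        signals.append("no_touch_area")
    # Swipes start in a different display region than in earlier sessions.
    if abs(zscore(current.swipe_start_x, [s.swipe_start_x for s in previous])) > 2.0:
        signals.append("swipe_location_shift")
    return signals

def should_alert(current, previous, min_signals=2):
    # Alert only on a combination of indicators (assumed threshold: two).
    return len(risk_signals(current, previous)) >= min_signals

# Constructed sample data: four earlier sessions of one customer, then three new ones.
HISTORY = [
    Session(95, 0.42, 130, 0.71),
    Session(110, 0.38, 150, 0.69),
    Session(88, 0.51, 120, 0.73),
    Session(102, 0.45, 140, 0.70),
]
GENUINE = Session(97, 0.40, 135, 0.72)       # consistent with the baseline
REMOTE = Session(21, 0.01, 0, 0.30)          # fast, motionless, no touch area
SINGLE = Session(97, 0.40, 0, 0.72)          # one indicator only

if __name__ == "__main__":
    for name, s in (("genuine", GENUINE), ("remote", REMOTE), ("single", SINGLE)):
        print(name, risk_signals(s, HISTORY), should_alert(s, HISTORY))
```

The `SINGLE` session shows why the combination matters: one anomalous indicator on its own does not trigger an alert.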
