Jump to content

Spike in mobile banking malware, WhatsApp too vulnerable: Check Point


duddy

Recommended Posts

Spike in mobile banking malware, WhatsApp too vulnerable: Check Point

malware, mobile malware, phishing, jezz bezos hacking, WhatsApp hacking, banking malware, mobile security

 

Malware attacks on mobile phones have definitely increased. Last year, we saw an increase of 50 per cent in mobile banking malware, like, Banker. It is as easy to send malware on WhatsApp as it is via other mediums as well.

“It is as easy to send malware on WhatsApp as it is via other mediums,” Venugopal N, Director of Security Engineering at Check Point Software Technologies told indianexpress.com in an interaction, adding that in the case of Jeff Bezos, it was a zero vulnerability. He also revealed that there has been an increase of 50 per cent in banking mobile malware attacks overall, including in India, that can potentially steal a user’s financial data and even funds from their bank accounts.

Venugopal shared more insights on what exactly happened in the Bezos case, the rise of banking malware and potential threats as well as what users can do to stay safe. Excerpts from the interaction:

Has there been an increase in mobile malware? In India, which ones are the most common?

Malware attacks on mobile phones have definitely increased. Last year, we saw an increase of 50 per cent in mobile banking malware, like, Banker. According to our threat intelligence sources, more than 35 per cent of organisations in India have been impacted by a mobile attack in 2019.

In India, a lot of malware that we see tend to steal photographs, contact info on the mobile phone. And there’s adware that’s the most common type sitting on your phone and generating ads to make money for someone else. There is also malware that are able to launch surveillance on your phone, look at your GPS location and steal your personal data as well but that’s not as prevalent in India.

What can banking mobile malware potentially do?

Banking malware is widespread and what we have also seen is that its sophistication is increasing. It can potentially steal your financial data if you are using your mobile phone to make payments, steal your credentials and even funds from bank accounts.

We are also talking credential theft and surveillance operations which means that somebody can really monitor your GPS location or take control of your microphone on your phone without the user actually knowing something like this is actually happening. Then, of course, we have contact information on our phones that can also be rummaged through this attack.

How vulnerable is WhatsApp? What happened in the Jeff Bezos case?

It is as easy to send malware on WhatsApp as it is via other mediums as well. But WhatsApp has actively patched a lot of vulnerabilities in the recent past and they are doing it on a regular basis.

malware, mobile malware, phishing, jezz bezos hacking, WhatsApp hacking, banking malware, mobile security

 

If you look at WhatsApp, there are about 65 billion messages that are sent on the app every day. Encryption to a large extent helps as it is designed in such a way that only the person to whom you are communicating can read the message and nobody in between.

But what we’ve seen in the recent past is the fact that there are often new vulnerabilities that are exploited. That’s what happened in the Jeff Bezos case as well. It was a zero vulnerability. In this particular case, while the message was sent on WhatsApp, it was a video file that was sent and while opening the video file, the malware that was on the file was transmitted on the phone.

What are the best security practices that mobile users can adopt?

The most important thing is, give the same amount of importance to your mobile phone that you give to your laptop. Have a security solution in place.

 

 

Do not download apps from third-party app stores. While even the App Store and Play Store also tend to have malware, we know we are cutting down on 50 per cent of the problems if you do not connect to the Internet and download apps.

Do not open each and every file, links if you do not know who the sender is. It could be a file on your messaging apps or emails. Finally, you also need to keep in mind what kind of Wi-Fi networks you connect to as man-in-the-middle attacks can be launched via Wi-Fi networks. Avoid connecting to public, free Wi-Fi networks.

How common is phishing through emails?

People also tend to use their emails on mobiles. So it’s not just browsing websites or downloading apps or getting malware over messaging apps. Phishing attacks through emails would be that somebody could launch a malware to the mailbox and that malware is active via the mailbox to the mobile as well.

One aspect is that you tend to open a link that comes in a mail and then you are taken to a particular website and asked to update your information. People are using that data to steal information about you. The most important thing is, try not to open all the mails if you know that some are spam mails. It is more about being educated to do something like this.

Source

Link to comment
Share on other sites


  • Replies 5
  • Views 865
  • Created
  • Last Reply

@duddy have left this last post of yours today as is please correct Formatting post is unreadable in Nsane Dark theme. 

For e.g. Below

Spoiler

cz9zGu8.png

 

Link to comment
Share on other sites


17 hours ago, Mach1 said:

@duddy have left this last post of yours today as is please correct Formatting post is unreadable in Nsane Dark theme. 

For e.g. Below

  Reveal hidden contents

cz9zGu8.png

 

OK. I agree. But what to do?

How'd I come to know if some post would be difficult to read e.g. for dyslexics, in various browsers, in dark theme etc. etc. and so many other formats out there?

Is there a way to be sure of and avoid all potential pitfalls before posting?

Please guide dear @Mach1.  

Link to comment
Share on other sites


17 minutes ago, duddy said:

OK. I agree. But what to do?

How'd I come to know if some post would be difficult to read e.g. for dyslexics, in various browsers, in dark theme etc. etc. and so many other formats out there?

Is there a way to be sure of and avoid all potential pitfalls before posting?

 

@Mach1  has outlined what you need to do here. Here's my take...

 

For existing posts...

 

1. Edit the post (Edit button bottom left of post)

2. Select all the content (right-click in post contents, select "Select All")

3. Click/tap the Tx button towards the far right of the editor toolbar

4. Click/tap Edit topic button.

 

For new posts, steps 2-4 before you click/tap "Submit topic". If you forget before submitting it, just do all the above steps.

 

To see what it looks like in the nSane Dark Theme, use the drop-down list at the very bottom left of the page. Remember to take note of what theme is currently ticked so you can revert.

 

Bookmark Mach1's and/or this post so you can refer to them as needed.

Link to comment
Share on other sites


48 minutes ago, duddy said:

But what to do?

 

Go to your post and click Edit. Click on the text so the cursor is blinking in your post, then press ctrl+A (this will select all the text).

Then click on the "Tx" icon. This will remove any formatting on your post. Then click Edit Topic to submit.

 

2020.02.02_18h46m07s_003.png

Link to comment
Share on other sites


2 minutes ago, T3rM1nat0Rr3 said:

 

Go to post and click Edit. Click on the text so the cursor is blinking in your post, then press ctrl+A (this will select all the text).

Then click on the "Tx" icon. This will remove any formatting on your post. The click Edit Topic to submit.

 

2020.02.02_18h46m07s_003.png

Great tip @Mach1 bro. Will abide by it.

6 minutes ago, Karlston said:

 

@Mach1  has outlined what you need to do here. Here's my take...

 

For existing posts...

 

1. Edit the post (Edit button bottom left of post)

2. Select all the content (right-click in post contents, select "Select All")

3. Click/tap the Tx button towards the far right of the editor toolbar

4. Click/tap Edit topic button.

 

For new posts, steps 2-4 before you click/tap "Submit topic". If you forget before submitting it, just do all the above steps.

 

To see what it looks like in the nSane Dark Theme, use the drop-down list at the very bottom left of the page. Remember to take note of what theme is currently ticked so you can revert.

 

Bookmark Mach1's and/or this post so you can refer to them as needed.

Very nicely explained dear @Karlston. I'm really obliged. Thanks!

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...