SC Magazine is reporting Malicious apps found in Google's Android online store:
Rogue applications developed to steal banking credentials from users were discovered late last month in Google's Android Market online software store.
The malicious programs were disguised as a legitimate mobile banking apps and were designed to steal users' online banking credentials, according to Oregon-based First Tech Credit Union, which posted a fraud alert about the threat on Dec. 22.
It is inevitable that malware will begin to focus more and more on moble applications as these devices increasingly become the focus of our Internet connectivity. Banking online is dangerous and banking by wire just adds another set of vulnerabilities. At least consumers have some legal protections from these scams. Small businesses and not for profit groups, such as school districts, have no such protections.
Brian Krebs had a recent summary of articles that illustrate the risk: Series: Cyber Gangs Fleece Small Businesses. The list of victims includes public and private schools as well as small businesses. Ultimately it is consumers, taxpayers, donors, students, and recipients of services who pay. Some of the methods used to obtain your authentication credentials are listed here.
These scams will only get worse until we have more effective methods of authenticating who is whom on the Internet and all the way down to your handheld device, starting with DNSSEC. If the banking system does not start offering more secure and affordable solutions then legislation and statutory liability will be required.
Comments