Malware has become a key ingredient in every cybercriminal's toolkit. While mobile malware poses a potential threat to every mobile application, banking apps are, without doubt, the prime target of mobile malware. As the number of attacks against banking apps continues to grow, so too does the need for capable mobile app security solutions. Banking apps are attractive targets for cybercriminals because they handle sensitive user data such as bank account numbers and PINs, and the consequences of a breach can be dire.
There are several reasons why banking apps are the main target of cybercriminals. Firstly, mobile wallets and banking apps store the most personal and sensitive data, and they are often accessible to several other apps through native iOS and Android functions. The other apps that connect to financial apps have access to your preferences, the stores you shop in, the online retailers you visit, and so on. These mobile wallets and banking apps store CVV codes, credit card numbers, usernames, and passwords. For every piece of data stored in your mobile app, there is an attacker somewhere writing malware specifically to target it so they can monetize it.
Cybercriminals design malware that hides or masquerades inside other apps, or that relies on social engineering and trickery to deceive consumers into installing it. At other times attackers trick consumers into performing actions that open multiple channels for malware. Moreover, cybercriminals create entirely fake apps, or clones of well-known apps, and embed hidden malware in them. These fake apps are served from underground hosting, and the embedded malware is programmed to lie dormant until it finds the target app.
A dropper is a Trojan or other piece of malware designed specifically to "drop" or install malware onto a targeted device. The dropper packages the malware code so as to avoid detection by anti-virus software, and attacks the targeted apps once activated. Besides that, the Allow Unknown Sources setting is the most popular channel used by bot herders and cybercriminals to get malware onto a consumer's device. Smishing and phishing techniques are also used to trick users into clicking malicious links that deliver the malware directly or redirect the consumer to a malicious server controlled by the attacker.
The first step to protecting any app is app hardening, including runtime protections, anti-debugging, checksum validation, and anti-tampering. Combine this with code obfuscation, including stripping debug information and obfuscating control flow. Together these provide robust protection against standard reverse-engineering techniques and against static and dynamic analysis.
Cybercriminals design malware to exploit operating system functions and normal apps, tailored to the type of application they target. The more attackers know about the app, the more damage the malware can do. Therefore, start by protecting the foundation, then layer security measures on top.
Cybercriminals trick users into granting excessive app permissions or privileged access so they can attack users' devices and apps. Fraudsters also use tools like Android Developer Options or ADB to escalate privileges, control apps remotely, or inject, intercept or alter key events. Therefore, it is essential to use strong app security service providers that can detect and prevent apps that engage in permission harvesting and key injection, by identifying events such as touch events not initiated by a UI source, or a malicious keyboard that has found its way onto the device through drive-by downloads, trickery or previously planted backdoors.
Moreover, attackers combine social engineering techniques, fake apps, and malware with overlay attacks to make the deception more believable. In an overlay attack, the attacker draws multiple opaque or transparent layers over the legitimate screen to deceive consumers into interacting with malicious content such as a window, button, or link. Therefore, always use an overlay prevention feature so that your applications can identify and block screen overlays.
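The overlay defense described above, shown as an added example that is not part of the original article: on Android, the framework flags any touch that has passed through another application's window with MotionEvent.FLAG_WINDOW_IS_OBSCURED (and, from API 29, FLAG_WINDOW_IS_PARTIALLY_OBSCURED). The hypothetical OverlaySafeButton class below, intended for a sensitive control such as a transfer confirmation, refuses such touches so that a tap on a malicious overlay can never reach the real button's click handler. The class name and log tag are this example's own choices; the Android APIs used are standard.

```java
import android.content.Context;
import android.os.Build;
import android.util.AttributeSet;
import android.util.Log;
import android.view.MotionEvent;
import android.widget.Button;

/**
 * A Button that ignores touches delivered while another window (an overlay)
 * is covering it, fully or partially. Hypothetical class for illustration.
 */
public class OverlaySafeButton extends Button {
    private static final String TAG = "OverlaySafeButton";

    public OverlaySafeButton(Context context) {
        super(context);
        init();
    }

    public OverlaySafeButton(Context context, AttributeSet attrs) {
        super(context, attrs);
        init();
    }

    private void init() {
        // Framework-level defence: the View drops touches that arrive while the
        // window is fully obscured (same as android:filterTouchesWhenObscured="true").
        setFilterTouchesWhenObscured(true);
    }

    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        int flags = event.getFlags();
        boolean obscured = (flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
        // Partial-obscured reporting only exists on Android 10 (API 29) and later.
        boolean partiallyObscured = Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q
                && (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;

        if (obscured || partiallyObscured) {
            // Swallow the event: returning false means the click is never dispatched.
            Log.w(TAG, "Touch rejected: this window is covered by another app's window");
            return false;
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}
```

Use the class in place of a plain Button for the controls that authorize money movement or credential entry. Because a legitimate system window (for example a toast or a screen-reader overlay) can also set these flags, reject the touch quietly and tell the user to close other windows rather than treating every hit as confirmed fraud; the rejection count is still a useful signal to report to a threat-detection backend.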
You can also secure your mobile apps by blocking the methods and tools attackers use to alter applications dynamically at runtime. For instance, fraudsters abuse developer tools such as Android Debug Bridge and Frida to modify code while the app is running. In this way, attackers change the app's behavior by injecting malicious code that replaces the existing code. If this is done on a rooted device, the consequences are worse, since the attacker can control the entire device using root privileges. Therefore, use fraud prevention features that block the techniques hackers rely on, such as memory injection, dynamic hacking, and function/method hooking.
You can also consider shoring up your perimeter defense with detection capabilities, using Mobile Application Threat Detection solutions that can detect new threats on a continuous basis. With a combination of Mobile Application Threat Detection solutions and security hardening solutions, you have the ability to keep your applications safe from malicious threats.
Fake apps contain malware that sometimes requires additional permissions from users. These apps stay hidden, listen for activities or events, and then take actions according to specific triggers pre-programmed by the attacker. Fake apps must be considered a serious threat because they can bypass security checks and operate in the background for extended periods of time. In addition to fake apps, fake app stores pose a significant threat. These fake app stores mimic popular storefronts and offer a malicious app store within a store. All a user has to do is download a small app from a legitimate app store or a website, and the malware is installed on the device.
You can prevent this by using Runtime Bundle Validation, which verifies the integrity of the iOS or Android app bundle by running checksums on all of its files. Applications with a high number of downloads are often cloned by attackers and embedded with malware. Prevent distribution through suspicious app stores and re-signing of applications by unauthorized developers to keep the apps secure against malware.
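An added example of the checksum validation mentioned under app hardening and of the Runtime Bundle Validation described here; this is illustrative code, not a vendor's implementation. The hypothetical BundleIntegrityCheck class below walks every file under the installed bundle, computes its SHA-256 digest, and compares it with a manifest of expected digests recorded at build time. It reports modified, missing and unexpected files separately, since a repackaged clone typically shows all three (patched code, stripped resources, injected payload). The manifest format (relative path to hex digest) and the class and method names are this example's assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Stream;

/**
 * Verifies every file under a bundle directory against a build-time manifest
 * of expected SHA-256 digests. Hypothetical class for illustration.
 */
public final class BundleIntegrityCheck {

    /** Outcome of one pass; any non-empty list means the bundle no longer matches the build. */
    public static final class Result {
        public final List<String> modified = new ArrayList<>();   // digest differs
        public final List<String> missing = new ArrayList<>();    // in manifest, not on disk
        public final List<String> unexpected = new ArrayList<>(); // on disk, not in manifest

        public boolean isIntact() {
            return modified.isEmpty() && missing.isEmpty() && unexpected.isEmpty();
        }
    }

    /** Hex-encoded SHA-256 of a file, streamed so large assets are not read into memory at once. */
    static String sha256Hex(Path file) throws IOException {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            try (InputStream in = Files.newInputStream(file)) {
                byte[] buf = new byte[8192];
                int n;
                while ((n = in.read(buf)) > 0) {
                    md.update(buf, 0, n);
                }
            }
            StringBuilder sb = new StringBuilder();
            for (byte b : md.digest()) {
                sb.append(String.format("%02x", b));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 not available", e);
        }
    }

    /**
     * @param root     directory holding the unpacked bundle files
     * @param expected manifest: bundle-relative path (forward slashes) to expected SHA-256 hex digest
     */
    public static Result verify(Path root, Map<String, String> expected) throws IOException {
        Result result = new Result();
        Map<String, String> remaining = new HashMap<>(expected);

        try (Stream<Path> walk = Files.walk(root)) {
            for (Path p : (Iterable<Path>) walk::iterator) {
                if (!Files.isRegularFile(p)) {
                    continue;
                }
                String rel = root.relativize(p).toString().replace('\\', '/');
                String want = remaining.remove(rel);
                if (want == null) {
                    result.unexpected.add(rel);              // added after the build was signed
                } else if (!want.equalsIgnoreCase(sha256Hex(p))) {
                    result.modified.add(rel);                // contents differ from the build
                }
            }
        }
        result.missing.addAll(remaining.keySet());           // listed in manifest but gone
        return result;
    }
}
```

Run the check early in process start-up and before every sensitive flow, and keep the manifest itself out of reach: if the expected digests sit in an easily edited asset file, a cloner simply regenerates them. In practice the manifest is embedded in native or obfuscated code, or signed with a key the app can verify, and the check is paired with the anti-tampering and anti-hooking protections discussed above, because on a rooted device an attacker who can hook the app can also hook the function that performs this comparison.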
Permission harvesting and privilege escalation are how malware gains functionality while staying hidden and expanding its attack surface. Protecting against this begins with the basics of jailbreak/root prevention. For example, suppose you have a fintech app or mobile wallet. In that case, you will probably have to defend against evasion techniques, root cloaking, and rootkits by preventing the use of tools like Magisk Hide that can easily bypass root detection. Moreover, block Magisk Manager, which cybercriminals use to assign and control rooting activities.
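As an added example covering both the runtime-modification tools discussed earlier (ADB, Developer Options, Frida-style hooking) and the root and Magisk checks described here, the hypothetical EnvironmentCheck class below gathers the indicators an app can read about its own environment before a login or payment flow. It is illustrative code, not a product's detection engine. The su paths are a constructed list of commonly documented locations, the Magisk Manager package name is assumed and should be verified against the release you intend to block, and the hooking-library markers are substrings matched against this process's own memory map.

```java
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;
import android.os.Debug;
import android.provider.Settings;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/** Collects root, debugging and hooking indicators for the current process. Hypothetical class. */
public final class EnvironmentCheck {

    // Constructed list of well-known su binary locations on rooted devices.
    private static final String[] SU_PATHS = {
            "/system/bin/su", "/system/xbin/su", "/sbin/su",
            "/data/local/xbin/su", "/data/local/bin/su", "/su/bin/su"
    };

    // Assumed package name of Magisk Manager; verify against the version you need to block.
    private static final String MAGISK_MANAGER_PACKAGE = "com.topjohnwu.magisk";

    // Path fragments of common hooking frameworks once their libraries are loaded into a process.
    private static final String[] HOOK_LIBRARY_MARKERS = {"frida", "gadget", "xposed", "substrate"};

    private EnvironmentCheck() {}

    /** Returns a human-readable list of findings; an empty list means nothing suspicious was seen. */
    public static List<String> collectIndicators(Context ctx) {
        List<String> found = new ArrayList<>();

        for (String path : SU_PATHS) {
            if (new File(path).exists()) {
                found.add("su binary present: " + path);
            }
        }
        if (Build.TAGS != null && Build.TAGS.contains("test-keys")) {
            found.add("firmware signed with test-keys");
        }
        if (isPackageInstalled(ctx, MAGISK_MANAGER_PACKAGE)) {
            found.add("Magisk Manager installed");
        }
        if (Debug.isDebuggerConnected()) {
            found.add("debugger attached to this process");
        }
        if (Settings.Global.getInt(ctx.getContentResolver(), Settings.Global.ADB_ENABLED, 0) == 1) {
            found.add("USB debugging (ADB) enabled");
        }
        if (Settings.Global.getInt(ctx.getContentResolver(),
                Settings.Global.DEVELOPMENT_SETTINGS_ENABLED, 0) == 1) {
            found.add("Developer Options enabled");
        }
        found.addAll(hookLibrariesMapped());
        return found;
    }

    private static boolean isPackageInstalled(Context ctx, String pkg) {
        try {
            ctx.getPackageManager().getPackageInfo(pkg, 0);
            return true;
        } catch (PackageManager.NameNotFoundException e) {
            return false;
        }
    }

    /** Scans /proc/self/maps (readable by the owning process) for known hooking-framework libraries. */
    private static List<String> hookLibrariesMapped() {
        List<String> hits = new ArrayList<>();
        try (BufferedReader r = new BufferedReader(new FileReader("/proc/self/maps"))) {
            String line;
            while ((line = r.readLine()) != null) {
                String lower = line.toLowerCase();
                for (String marker : HOOK_LIBRARY_MARKERS) {
                    if (lower.contains(marker)) {
                        hits.add("hooking library mapped: " + line.trim());
                        break;
                    }
                }
            }
        } catch (IOException ignored) {
            // Treat an unreadable map as "no finding" rather than crashing the app.
        }
        return hits;
    }
}
```

Two practical notes: on Android 11 and later the package query needs a matching <queries> entry in the manifest or the lookup silently reports "not installed", and every one of these checks is exactly what root-cloaking tools such as Magisk Hide are built to defeat. Treat the list as a first layer that feeds a risk score and a server-side decision, and rely on the hardening and anti-hooking protections above to keep the checks themselves from being patched out.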
Follow these tried and tested tricks to secure your mobile apps without an SDK.
When it comes to data security, mobile applications should be your top priority. Mobile apps are quickly becoming one of the most valuable assets of any company. By 2020, mobile devices will account for more than two-thirds of the average person's waking hours, and that means it is time to take your app security seriously. Use the knowledge provided in this article to keep your mobile applications secure without an SDK, and enjoy the conveniences of online services with peace of mind!
This article was first published on MEDIUM on 18th November 2021.