The US Federal Bureau of Investigation (FBI) has warned that cybercriminals are increasingly targeting mobile banking applications with malware that is designed to steal credentials and take control of the compromised device. The attackers are abusing the COVID-19 pandemic since more customers are using their mobile devices to conduct banking activities, including cashing checks and transferring funds. As a result, cybercriminals are deploying malware, Trojans, and spoofed banking apps to conduct account takeover attacks. At this time of writing, the FBI did not specify what malware, Trojans, or malicious apps were being used in the attacks.
In one of the observed campaigns, once the victim attempts to launch the malicious app, a dormant Trojan is triggered and prompts an attacker-controlled login page that overlays the legitimate app for credential stealing. The Trojans can also act as a dropper for installing spyware on the compromised device, which allows the attacker to gather more information on the victim. Other tactics the attackers use contain phishing campaign that target banking customers via SMS. To help mitigate the threat of banking frauds, it is recommended that users download apps only from trusted sources, such as official app stores or directly from bank websites, enabling two-factor authentication (2FA), and avoid clicking on suspicious links or attachments.