According to the research of Positive technologies, every second mobile banking application has a vulnerability through which fraudsters can steal the money of its users.
The company selected 14 mobile apps for the Android and IOS operating systems, which were downloaded more than 500 thousand times from the Google Play and App Store.
It is noted that in 13 out of 14 applications, access to personal user data is possible. Hackers can exploit 76% of vulnerabilities in mobile banks without physical access to the device.
"None of the studied mobile banking applications has an acceptable level of security. In every second mobile Bank, fraudulent transactions and theft of funds are possible. In five out of seven applications, logins and passwords from user accounts are threatened, and bank card data may be stolen in every third application,” experts conclude.
The company's experts advise users to set a PIN code to unlock the device to limit the ability of attackers to gain physical access and never click on links from strangers in SMS and messengers.
Group-IB regularly finds vulnerabilities in banking applications, but in practice, these weaknesses are rarely used because it is easier and cheaper for hackers to use social engineering, says Andrey Bryzgin, head of the Audit and Consulting Department of the Group-IB.
Previously, Positive Technologies identified 23% more cyberattacks in the first quarter of 2020 compared to the fourth quarter of last year. The increase in cybercrime is associated with the coronavirus COVID-19.
Moreover, the number of virtual crimes began to grow. Fraudsters send emails about COVID-19 with links that lead to fake sites where users are asked to enter data from Bank cards.