Malware
HID RMS distinguishes between alerts:
- Malware web inject [WI]
- Malware app [MWA]
- Financial malware app [FMA]
The difference between a Malware app and a Financial malware app is, as the name suggests, that a Financial malware app is designed primarily to cause financial harm to the end user. Such malware performs illegal activity related to the user’s access to the protected banking application.
In theory, we distinguish two types of banking malware. It can be either a complex banking Trojan or a malicious fake banking app. What is the difference?
Fake Banking Application
- Tries to look like an official banking app in the app store
- Obtains various suspicious permissions during installation
- Mimics a legitimate banking app by displaying a phishing login screen
- Collects credentials and other personal details and sends them to the fraudster
- Can use SMS permissions to steal and forward one-time passwords
- Can process fraudulent payments using the victim’s bank account
Banking Trojan
- Is usually installed with legitimate-looking apps (games, widgets, tools)
- Obtains permissions during installation that allow the app to take control of the device
- Can silently install other malicious apps
- Acts on the user’s behalf in the banking application without being spotted, while providing the promised service (games, widgets, tools)