
BOT MALWARE ATTACKING FINANCIAL MOBILE APPLICATIONS


Last June, the FBI warned of a type of bot malware that targets insecure banking and financial mobile applications. It can leak sensitive information, capture passwords and send them to the servers it communicates with, and gain access to accounts.

This newly emerging mobile malware resembles the Trojan horse named EventBot, which appeared in April. EventBot looked like an Adobe or Microsoft Word application on mobile devices with the Android operating system, but its main purpose was to steal information from financial applications on the device.

This bot malware detects vulnerabilities in insecure financial mobile applications and exploits them for malicious use. It can capture SMS correspondence and other details. It can also steal two-step authentication codes, which allows it to log into accounts that may be important to the user.

There are many vulnerabilities that are common in banking applications, but the most common are listed below.

1- Unencrypted dynamic data

Sensitive data such as variables, user information, or configuration is transmitted without encryption during communication between the frontend and backend of the application.

2- Keeping the keys of security certificates on the application

Communication between the user and the bank or financial company is encrypted end-to-end. However, if this encryption is decrypted, the traffic can be read in the clear. This way, attackers can see sensitive information transferred during communication by using this bot malware.

3- Unsafe API Use

Using insecure APIs can expose sensitive information to users and allow hackers to use applications and servers for their own benefit.
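
One way to check a release build for the second issue above, as an added example that is not part of the original post: this Python script scans an Android package (a ZIP archive) for embedded private keys and keystore files. The function names and the sample package with its file names are constructed for illustration.

```python
import io
import re
import zipfile

# Markers of private-key material that should not ship inside an app package.
PEM_PRIVATE_KEY = re.compile(
    rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----")
JKS_MAGIC = b"\xfe\xed\xfe\xed"  # header bytes of a Java KeyStore file
KEYSTORE_SUFFIXES = (".p12", ".pfx", ".jks", ".bks", ".keystore")


def scan_package(apk_bytes):
    """Return sorted (entry, reason) findings for an APK/ZIP passed as bytes."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as pkg:
        for info in pkg.infolist():
            if info.is_dir():
                continue
            data = pkg.read(info)  # decompressed content of the entry
            if PEM_PRIVATE_KEY.search(data):
                findings.add((info.filename, "PEM private key"))
            if data.startswith(JKS_MAGIC):
                findings.add((info.filename, "Java KeyStore"))
            elif info.filename.lower().endswith(KEYSTORE_SUFFIXES):
                # May be a trust store holding only public certificates:
                # a finding here means "review", not "confirmed leak".
                findings.add((info.filename, "keystore file extension"))
    return sorted(findings)


def build_sample_package():
    """Constructed sample package (not a real app); all contents are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        pkg.writestr("assets/client.pem",
                     "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n")
        pkg.writestr("assets/server_cert.pem",
                     "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n")
        pkg.writestr("res/raw/pins.bks", b"placeholder")
        pkg.writestr("res/raw/store.bin", JKS_MAGIC + b"\x00\x00\x00\x02")
        pkg.writestr("classes.dex", b"dex\n035\x00placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in scan_package(build_sample_package()):
        print(f"{entry}: {reason}")
```

Public certificates are not flagged; only private-key markers and keystore containers are, and each finding still needs a manual look.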

How can measures be taken against Bot Malware attacks?

A. Increase User Cybersecurity Awareness Using Phishing Simulation Tools

Use phishing simulation tools to let your users experience the risks of bot malware and other similar cyberattacks from the outside world. By simulating similar attacks with a Phishing Simulator, you can detect your low-awareness users.

Try our phishing simulator for free.

B. Cybersecurity Awareness Training

Lack of cybersecurity awareness among users can compromise both their own security and the security of their company. With regular information security training, you can train your users against such bot malware attacks. Use our Cybersecurity Awareness Educator module for free to get entertaining and instructive training content.

This blog post was published at www.keepnetlabs.com.
