Australia's banking apps targeted by malware – report

Country's "horrendous" hardwired infrastructure and high use of mobile devices make it an attractive target for cyber criminals

Australia's banking apps targeted by malware – report

Australians using mobile banking apps might not be as secure as they think. Australia is the fourth most targeted country in the world for banking app malware, with 34 of the country’s banking apps under attack from malicious programs known as trojans, a new report says.

Of the 34 targeted apps, 13 are being targeted by three or more trojans, according to research by mobile security company Zimperium. This puts users of those apps at higher risk of having their financial information stolen, The Australian reported.

Richard Melick, director of threat reporting at Zimperium, said that Australia was an attractive target due to its antiquated hardwired infrastructure, high mobile device use, and a lack of consumer protection.

“[Australia’s] physical hardwired infrastructure is horrendous – it’s slow and outdated,” Melick told The Australian. “So per capita, your residents use their mobile devices more than most other developed countries. On top of that, there’s not a lot of Australian consumer protection when it comes to how some of this malware spreads. … Telstra and other organisations are looking into protections, but for now, it’s almost like it’s an easy target.”

While Australia sits high on the Zimperium’s list, the US tops it with 121 banking apps under attack, followed by the UK with 55 and Italy with 43, The Australian reported.

Three of the nation’s big four banks – Commonwealth Bank, Westpac and ANZ – are under attack from four trojan programs. Several other financial institutions are being attacked by the same trojans, including Bank of Queensland and Bendigo and Adelaide Bank. However, National Australia Bank does not appear on the list at all, The Australian reported.

Read next: Aussies more attached to banking apps than social media – report

There are two types of trojans targeting mobile banking customers, Zimperium reported. The first is part of a larger attack chain that seeks access to banking credentials and data, as well as security controls such as multifactor authentication. The second uses keyloggers and screen scrapers to siphon money from customer accounts directly through the app when a customer logs in.

“We’re seeing more advanced banking trojans out there now; this is just the tip of the iceberg,” Melick told The Australian. “Some of the more advanced banking trojans that we’re seeing are targeting devices and going as far as stealing people’s money and then wiping their phones to cover their tracks. This malware is getting more aggressive and more advanced.”

Melick said that banking institutions needed to do more to protect customers from malware.

“They have turned our mobile phones into mobile ATMs, but there’s more security around the ATM on the side of the street than there is on the application on your phone,” he said. “Our analysis of mobile applications found that around 80% of financial applications are leaking, or potentially leaking, critical user information because [banks] are not approaching them with a security mindset.”