What Makes ATS Malware Particularly Effective

            

How to Prevent Bank Accounts from Being Hacked by This Threat?


ATS (Automatic Transfer System) malware is malicious software that targets online banking applications on Android devices. It is designed to automate bank transfers without the victim's knowledge, allowing cybercriminals to transfer money without the user noticing.

What Makes This Type of Malware Particularly Effective?

Mode of Distribution: In the past, cybercriminals had to convince their victims to install malicious applications outside of the official app store, a process that was often complicated. ATS malware, however, manages to spread through the official app store by initially containing no malicious payload. This payload is downloaded during a subsequent update.

Bypassing Strong Authentication: Risky operations are subject to strong authentication. ATS malware circumvents this security in several ways:

  • Interception of SMS and 2FA Codes: The malware intercepts authentication codes from SMS and applications and uses them to validate transactions.
  • Opportunistic Mode: The malware waits for the user to initiate a beneficiary addition request, then substitutes the mule's IBAN for the legitimate beneficiary's. The user, believing they are confirming their own request, validates the addition.
  • Multi-Factor Authentication (MFA) Fatigue: By sending multiple authentication requests, the malware exhausts the victim until they eventually approve a request out of frustration or thinking it's a bug.

What is Its Mode of Operation?

  1. Payload Download: The application, under the pretext of an update, downloads the malicious payload.
  2. Request for Accessibility Service Access: The application requests access rights to the accessibility service. This service, legitimate in contexts such as using a magnifier or voice interaction, is hijacked by the malware to interact with the victim's banking application.
  3. Credential Collection: When the user opens their banking application, the malware creates a window resembling the legitimate login screen to capture credentials and passwords.
  4. Remote Control: Some malware has RAT (Remote Access Tool) capabilities, allowing cybercriminals to take control of the phone remotely. During this time, a black or loading screen is displayed to conceal the malicious actions.

How to Mitigate the Risk as an Individual?

  • Download Applications from Reliable Sources: If you need to download an application for well-established uses such as a PDF reader or Microsoft document reader, prefer applications that have been present on app stores for a long time. Malicious applications generally have a short lifespan on official stores.
  • Be Vigilant About Requested Permissions: Beware of applications requesting excessive access, especially to accessibility services. A conservative approach is to refuse first: it is better to find that a legitimate application is not working as expected and then adjust the permissions if necessary.
  • Use Mobile Security Solutions: Install anti-malware software to detect and block malicious applications.
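The accessibility-service check above can be done from a computer with adb. The following is an added example, not code from the original article or from any product it names: it lists the enabled accessibility services and flags every package outside an allowlist. The package names, sample outputs and allowlist are constructed assumptions.

```python
import subprocess

# Constructed sample values (not from a real device), shaped like the output of
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.pdfreader/com.example.pdfreader.HelperService")
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.pdfreader  installer=com.android.vending
package:com.example.bank  installer=com.android.vending
"""
# Assumption: packages the owner knowingly granted accessibility access to.
ALLOWLIST = {"com.google.android.marvin.talkback"}

def parse_services(raw):
    """Split the colon-separated 'package/class' list into (package, class)."""
    raw = raw.strip()
    if raw in ("", "null"):  # nothing enabled
        return []
    return [tuple(s.split("/", 1)) for s in raw.split(":") if "/" in s]

def parse_installers(raw):
    """Map package name -> installer from `pm list packages -i` output."""
    installers = {}
    for line in raw.splitlines():
        if line.startswith("package:"):
            name, _, inst = line[len("package:"):].partition("installer=")
            installers[name.strip()] = inst.strip() or "unknown"
    return installers

def audit(services_raw, packages_raw, allowlist=ALLOWLIST):
    """List enabled accessibility services whose package is not allowlisted.
    A store installer is reported but never clears a finding, since ATS
    payloads arrive in a later update of an app published on the store."""
    installers = parse_installers(packages_raw)
    return [{"package": p, "service": c, "installer": installers.get(p, "unknown")}
            for p, c in parse_services(services_raw) if p not in allowlist]

def adb_shell(*args):
    """Run a command on the connected device (requires adb and USB debugging)."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

if __name__ == "__main__":
    # Swap the samples for adb_shell("settings", "get", "secure",
    # "enabled_accessibility_services") and adb_shell("pm", "list", "packages", "-i").
    for finding in audit(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print("REVIEW:", finding)
```

Any package reported here that you do not recognise as an assistive tool should have its accessibility access revoked in the device settings before the banking application is opened again.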

How Can Banks And Financial Institutions Mitigate the Risk?

Banks have fraud prevention measures that can be strengthened to reduce the risk of this type of threat.

User Interaction Data Analysis: By analyzing data related to user interactions on the application, banks can limit the risk, as interactions performed by malware differ from those of legitimate users. Our solution LexisNexis® BehavioSec® uses the power of behavioral biometrics to analyze this type of data and reveal the presence of such malware.


This article is for informational purposes only and does not guarantee the functionality or features of any LexisNexis Risk Solutions products identified. LexisNexis Risk Solutions does not represent nor warrant that this article is complete or error free.
