Why your vital mobile data is at increased risk


Should you feel the urge to download and install a lesser-known mobile application from Google Playstore, just be cautious.

It might just be one of the many conduits cyber-criminals are using to steal vital information from your phone, including PINs and bank account passwords.

According to a report by cyber-security provider CheckPoint Software Technologies, Kenya is one of the countries targeted by mobile banking malware, a risk to the many who do their banking on mobile phones.

Malware, short for ‘malicious software,’ is any software, programme or file that is intended to damage or disable computers and computer systems.

One such malware, which was among the top 10 malware families that hit Kenya in the first half of 2017, is Fireball.

Spread mostly by being installed on a victim’s machine alongside a wanted programme - often without user consent - Fireball is capable of executing any code on the victim's machine.

This can then result in a wide range of actions from stealing credentials to dropping additional malware.

“Fireball runs in the browser,” says Micheal Tumusiime, a software engineer at CheckPoint in charge of the Eastern Africa region.

“It tries to steal information you input in the browser. For example, if I use my browser, Fireball is able to capture that. And, of course, with that there is a lot they can do,” he told Weekend Business.

Mr Tumusiime did not reveal the extent of such attacks but said their effects have got more pernicious.

Hiddad is another malware that infiltrates the Android operating system, repackages apps and then puts them on third-party servers. “The app still works like the original one does, but in the background it is trying to steal sensitive information,” he said.

CHILLING DEVELOPMENT

Another one, RookieUA, steals log-ins such as usernames and passwords and sends them to a remote server. It is a chilling development where cyber criminals have managed to bypass Google’s stringent controls to install such software on Google Playstore.

In August, there was an attack by another malware known as Gooligan. This is an Android malware capable of rooting devices and stealing email addresses and authentication tokens stored on the device.

With the information, an attacker can access a victim’s Google account data such as Google Photos, Gmail and Google Drive. “More than one million Google accounts were breached by Gooligan, with an average of 13,000 breaches each day at the campaign peak,” says CheckPoint in their latest report.

The infection by Gooligan begins when a user downloads and installs a malicious app containing Gooligan code on a vulnerable Android device. After installation, an infected app sends data about the device to the campaign’s command and control server.

There is also the Ztorg malware, which is said to have attacked Kenya in August. It is able to obtain escalated privileges on Android devices and install itself in the system directory.

The malware is then able to install any other application on the device.

It is thus important for banks to urge their customers to use biometric authentication for mobile banking and help them to install technologies that can detect the presence of malware on mobile devices, security experts advise.

Central Bank of Kenya knows this too well. In its Bank Supervision Annual Report 2016, the regulator notes that increased use of ICT has also seen a rise in cases of ICT-related frauds in recent years.

REPORTED FRAUD

“Data on fraud reported to Banking Fraud and Investigation Department indicate that cases relating to computer, mobile and Internet banking are on the rise,” read the report.

“Another emerging threat has been cyber-crime where criminals gain unauthorised access to institutions’ computer programmes and data. As a result, there is urgent need for the banking sector management to ensure increased use of computer-based transaction process is matched with effective controls,” adds CBK.

But ultimately, said Mr Tumusiime, it is the responsibility of the individual to take extra care by verifying what they are installing on their phones and putting in place sufficient protective measures.

 
