Dangerous malware: Deadly piece of code can sniff out bank details

Hyderabad: Most surveys on mobile security call for preventive measures such as the installation of anti-virus software.

This follows the discovery of extremely dangerous malware such as Quicksand, XcodeGhost, YouMi and MobiSage by CERT and other anti-virus firms.

The companies say that these deadly pieces of code specifically target m-commerce data. Experts add there are at least 12 other known threats to users of mobile banking apps, which are able to ‘read’ text messages and OTPs sent by banks. After access, these pieces of software are able to carry out transfers of large sums in complete secret.

The Computer Emergency Response Team (CERT) has categorised threats into three categories — mobile device and data security threats, mobile connectivity security threats and Mobile application and operating system security threats.

CERT-India said a typical attack caused exposure or loss of a user’s personal information and monetary loss. Also, hackers worldwide are constantly developing and upgrading these malicious codes, every day. Fraudsters are even “merging” lines of illegal, data-sourcing code with other apps. For example, a seemingly harmless third-party weather app, can consist of very harmful data.

Mobile security firm, NowSecure, said 10.8 per cent of apps were leaking sensitive data and about 24.7 per cent of mobile apps had at least one risk.
A study by ‘Appthority’ said over 50 per cent of apps on the Apple platform and Google’s online store were packing hazardous code.

M-Secure anti-virus company’s international head J. Jaya Raj said they were identifying about three to four lakh samples of malware/ransomware per day — about 50,000 of them were having severe threats. “We have also determined that most of the malware comes from third-party mobile apps or apps from unverified sources,” he said.