NEW YORK–The threat to credit unions and other financial institutions from cyberthieves is increasingly spreading to mobile phones.
As CUToday.info reported here, the threat from keystroke logging has expanded to mobile devices. But now new reports suggest malicious software programs such as Acecard and GM Bot have been gaining popularity around the world as ways to target the financial-services industry.
“Cyberthieves are using such so-called malware to steal banking credentials from unsuspecting consumers when they log on to their bank accounts via their mobile phones, according to law-enforcement officials and cybersecurity specialists,” the Wall Street Journal reported. “It is difficult to quantify how much money has been stolen as a result of the mobile-phone malware, mostly because the thieves can access an account through any normal channel after they steal credentials through a phone. Still, the prevalence of the malware is significant enough that it has caught the attention of the Federal Bureau of Investigation and U.S. banking regulators.”
According to the Journal, attacks have occurred on the two most common mobile operating systems— Apple Inc.’s iOS and Alphabet Inc.’s Android. Phones typically come with built-in security protections, but the devices can still be vulnerable.
Last week Apple urged some iPhone users to update their software due to a security flaw that could allow a hacker to remotely take control of the operating system.
Ian Holmes, banking-fraud-solutions manager for analytics firm SAS, told the Wall Street Journal that he estimates that the Acecard malware has customized overlays to imitate 50 financial-services apps.