Singapore consumers warned of malware targeting mobile banking services

Once downloaded onto the mobile device, the malware hijacks credit card information and intercepts SMS one-time passwords to make fraudulent online purchases, warns Association of Banks in Singapore.

Mobile users in Singapore have fallen prey to a malware targeting banking services and hijacking sensitive data such as credit card details and one-time passwords (OTPs).

The malware affects both Apple iPhones and Android smartphones, particularly those that have been rooted or jailbroken, the Association of Banks in Singapore said (ABS) in a statement Tuesday. The industry group has 158 members comprising both local and foreign banks.

The malware targets its victims by prompting the user to download a malware-infected app or to grant permission to certain apps or update existing apps. Once given permission to do so, the malware is downloaded into the device where it then accesses confidential information including credit card data and SMS OTP, which is used to authenticate some banking services as well as online transactions.

For instance, mobile consumers will be asked to enter their credit card data to upgrade their WhatsApp messaging app. Upon doing so, a "System Update" box will pop up and the malware will "take over" control of the smartphone to tap the credit card details and intercept the SMS OTP to make fraudulent online transactions.

According to ABS, there had been several reports of breaches involving the mobile malware over the past couple of months, indicating that hackers were expanding their target beyond online banking services via desktops to the mobile realm.

It further pointed to an increase in mobile banking customers in the country, from 1.5 million in 2013 to 2.4 million this year.

Citing a 2014 report from Motive Security Labs, ABS added that the number of mobile malware infections climbed 25 percent last year and some 16 million devices worldwide contained malware.

ABS Director Ong-Ang Ai Boon said: "Mobile banking customers are as susceptible to malware as desktop computers or laptops [and] are reminded to download applications only from trusted sources."

android-malware.png