Keep the malware moochers at bay
Published 4:08 pm Tuesday, July 25, 2023
(Editor’s Note: The majority of this column was written, by me, in September of 2016. You will note near the bottom portion of the column where I have interjected a present-day version of such malware attacks.)
A few years back, a friend in the banking business told me that while the vault in his brick-and-mortar building was safe from attack, the real threat wasn’t muscle-bound men wearing body armor and brandishing weapons, but rather some lazy geek sitting in his underwear in the basement of his home staring at a computer screen.
According to the Wall Street Journal, my friend is correct.
Cybersecurity experts told the WSJ there is an uptick in breaches of individual bank accounts thanks to a new round of malware that specifically targets smartphones.
Malware programs with names like Acecard and GM Bot are now the darlings of the criminal underground. And it’s little wonder why — the use of mobile banking apps is up 10 percent from 2011. The Federal Reserve reports over 50 percent of smartphone users have used them to access their bank accounts in the last 12 months.
So the criminals naturally migrate to where the money is. ATM skimmer scams and credit card breaches are so last year, apparently!
The new types of smartphone-specific malware are built to steal your log-in credentials and they target both Android and iOS. Just days ago, Apple had to put out word to its customer base that a new patch was available for three recently discovered iOS exploits.
How does the malware get on your phone?
Malware programs like Acecard and GM Bot can show up on your phone if you click a virus-laden text message from an unknown party or if you accidently hit a “scammy” ad on a website.
So, what does the malware do once it secretly loads itself on your smartphone? Experts say it just hangs out…. waiting until you access any financial apps. When you do, it comes alive and creates a virtual copy of the authentic banking app to trick you into thinking you’re at the right place to log on. You enter your info and bam…it’s captured by the criminals.
Cybersecurity experts told the WSJ of nine ways that smartphone owners can protect their valuable banking information.
- Always make sure you install the latest software updates from your operating system. These often include security and protection updates to help protect your device.
- When it comes to downloading mobile banking apps, be sure you only install your bank, credit union or brokerage firm’s official apps that you find at their websites.
- Make sure you install malware protection and make sure that it is updated. Clark’s Virus, Spyware and Malware Protection Guide is a great way to find free and effective options.
- Beware of public Wi-Fi. You should never do any financial transactions on free public Wi-Fi. Period!
- Don’t fool with your operating system. People sometimes mess around with their OS in trying to download apps that aren’t sanctioned. Don’t do it!
- Don’t click on strange texts. Android users got a real scare last year when a report emerged that they could be hacked by text message.
- Disable auto-fetching of MMS for any messaging apps you use. Outlook.com has a step-by-step guide with screenshots for Hangouts and Messenger, among others.
- Use authentication features such as fingerprint identification. Make sure any password you use is unique to your mobile banking experience. Create safer passwords!
- Go through your bank statement line-by-line. Report any suspicious charges immediately.
According to safetydetectives.com, the most dangerous virus and malware threats in 2023 are as follows:
Ransomware encrypts your files until you pay a ransom to the hackers. “Clop” is one of the latest and most dangerous ransomware threats. It’s a variant of the well-known CryptoMix ransomware, which frequently targets Windows users.
Hackers have been increasingly sending emails that instruct readers to install urgent Windows OS updates. The emails trick readers into installing the “latest” Windows updates, which are actually ransomware ‘.exe’ files in disguise. The ransomware contained in these emails is known as “Cyborg”. It encrypts all of your files and programs and demands a ransom payment to un-encrypt the files.
Zeus Gameover is part of the “Zeus” family of malware and viruses. This piece of malware is a Trojan — malware disguised as something legitimate — that accesses your sensitive bank account details and steals all of your funds.
Cybercriminals often use current news stories and global events to target people with malware.
One example is hackers using the wave of the COVID-19 (Coronavirus) outbreak to target individuals with malware. Hackers send out emails that are disguised as legitimate information about the outbreak. Readers are prompted to click a link to learn more about the information, but the link contains malware that copies the files on your device and steals your personal information.
As more tools become available to developers who want to program AI scripts and software, hackers will be able to use this same technology to carry out devastating cyberattacks.
Although cybersecurity companies are using artificial intelligence and machine learning algorithms to help combat malware, these technologies can also be exploited to hack devices and networks on a massive scale.
Cyberattacks require a lot of time and effort to create and launch so as AI and machine learning evolve, it’s likely that cybercriminals will find ways to use it and come up with more advanced and destructive AI-based malware.
I don’t know about you, but I work hard for the money my boss pays me every two weeks. After looking at all the taxes deducted to help others afford food, shelter, insurance and gaudy rims and tires, I definitely would like to steer clear of another moocher of my money.
Cal Bryant is the Editor of Roanoke-Chowan Publications. Contact him at firstname.lastname@example.org or 252-332-7207.