Last year was the year of the cybercriminal, and we saw it reverberate around the globe, from Russia, China and Brazil to the United States. It appears that 2015 is shaping up to be another year in which cybercriminals are gearing up to ensure they prosper.
Trend Micro mobile researchers recently investigated a hacker gang based in Yanbian, Jilin in China (located near the North Korean border) that uses mobile malware to siphon off money from account holders of South Korean banks. This gang has been operating since as early as 2013 and is able to transfer up to US$1600 worth of local currency from victims’ accounts every single day.
In its analysis, Trend Micro looked at a total of 1007 fake Google app versions, 994 of which were fake versions of the Google Play app while 13 were fake versions of other Google apps. Cybercriminals spoofed Google apps since these usually come preinstalled on every Android mobile device.
Lastly, they created a fake app called “The Interview” which spoofed the movie of the same title. When a user clicks on the app’s buttons, it downloads the malware onto the device and consequently steals the user’s mobile banking credentials.
Much like the rest of the cybercriminals in China, members of the Yanbian Gang may have learned from so-called masters or baishis, who passed on their blackhat skills and know-how to their apprentices or shoutus.
The Yanbian Gang have four major players or groups:
1. Organisers – These are the founding fathers of the group. They are responsible for scouting and recruiting new members.
2. Translators – They localise threats based on the countries they wish to target.
3. Cowboys – They reside in the same countries as their attacks’ intended victims. They are responsible for collecting the proceeds from successful attacks and giving them to the organiser.
4. Malware creators – These are the malicious app developers.
“The scary thing about cybercriminal gangs like this one is that they are borderless. South Africans can sometimes get stuck in the mindset that things like this will never happen to them, but the reality is that no matter where in the world cybercriminals are, they will target your country if they feel that it’s a lucrative market,” says Gregory Anderson, country manager at Trend Micro South Africa.
My advice to local users is to think before you click. These malicious apps are becoming increasingly like their legit counterparts, so be careful of what and who you trust.