Ransomware: Now Aiming At Banking Apps

Ransomware: The very word is unpleasant, turning up the seamy underbelly to hardware and software. But it is a real thing, and it’s gotten immensely popular. And now, it’s crashing our party.

Of course, ransomware is still basically malware in that it restricts access to the system it infects. However, it goes further than rival strains by specifically demanding a ransom in order go away. Like other viruses its specific origins are dubious, but there’s no question that this bit of capitalist skullduggery initially gained traction in Russia. True to form, it didn’t stay there long—according to anti-virus vendor McAfee, it doubled in scope in one year to 250,000 unique samples in the first quarter of 2013.

Those with memories of Soviet-era paranoia and Cold War hysteria might remember that there were constant fears of Russian spies sabotaging the U.S. infrastructure. One supposed threat was that those sneaky Russkies would infiltrate the banking system and undermine it, bringing the economy to a screeching halt. Well, it’s a few decades later, and the latest ransomware may not be quite such a problem, but there’s a whiff of those old fears anyway.

So, meet Svpeng. Kaspersky Labs first shed a light on this nasty piece of work last year, when it was still in mother Russia. But in June, a particular breed arrived here in search of Android devices. More specifically, it takes direct aim at mobile banking apps running on those devices and uses them to shut down the phone or tablet. The ransomware then emerges to ask for money to unlock it.

All this is bad enough, but there’s another milestone of sorts here. By some accounts, this is the first major virus to systematically target mobile banking apps. And given that there are more than 100 million mobile banking users in the country, that’s potentially very bad news.

While these are early days and there will surely be other variants, here’s how the scenario currently plays out. Svpeng gets into the device through a coordinated social media campaign, then seeks out apps from a list of blue-chip vendors, such as American Express, Citigroup, Bank of America, Wells Fargo and JPMorgan Chase. And once it’s in there it’s almost impossible to scrub.

The ransomware takes the form of a fake FBI letter that asks for $200 in the form of to be paid through Green Dot MoneyPak cards. (It helpfully suggests outlets where those cards can be bought.) So far the malware doesn’t seem to be stealing bank credentials, but that’s what it did in Russia, so it will likely happen here soon enough.

That fact that malware has become so targeted and proficient is not a surprise, but it’s unfortunate nonetheless. The bigger worry may be that the financial services providers developing and distributing those for the public to use can’t really do much about it—they can perhaps exert some control over customers’ interactions with those apps, and that’s about it.

We’ve known all along that the unbelievable growth of mobile banking would give rise to a new generation of cyber criminals, and it’s happening now. There will be more such attacks not less, and we can’t put the genie back in the bottle, any more than we can take control of our customers’ phones.

There’s no magic bullet here. What we can do, over and over again, is urge our customers to practice greater caution in downloads and communication with strangers. Most consumers still fail to exercise basic security procedures, and a little goes a long way. Otherwise, we’ll all end up paying the ransom.

Speak Your Mind