McAfee predicts 2012 to see more attacks on mobile banking apps
Mobile financial services are attracting more and more attention, and not all of it is good. According to technology security company McAfee, more consumers are accessing their financial services via mobile devices and bad guys are looking to exploit that shift.
McAfee Labs released its 2012 Threat Predictions report, and along with apocalyptic-sounding cyberattacks on utilities and infrastructure, attacks on mobile devices, especially attacks targeting mobile banking, are high on the list of threats.
McAfee reported that 2011 had the highest levels of mobile malware ever and predicted 2012 will be even worse.
"Many of the threats that will become prominent in 2012 have already been looming under the radar in 2011," said Vincent Weafer, senior vice president of McAfee Labs, in a statement. Weafer said the general public has become more aware of some threats, but cybercriminals are improving their toolkits and malware and are ready to make a significant impact in 2012.
The company said it expects cybercriminals to get better at mobile attacks and begin targeting mobile financial services specifically.
"Attackers have moved on from simple destructive malware to spyware and malware that makes them money," the report said. "We've seen them exploit vulnerabilities to bypass system protections and gain greater control over mobile devices."
For instance, according to McAffee's report, Zeus and SpyEye, two crimeware kits used to steal money from online bank accounts, have been adapted to use mobile apps as "helpers" to bypass two-factor authentication and gain access to victims' money. The report said that Zitmo (Zeus-in-the-mobile) and Spitmo (SpyEye-in-the-mobile) forward SMS messages to attackers giving them the ability to log-in to accounts and steal money.
"We expect to see attacks that leverage this type of programmatic technique in greater frequency as more and more users handle their finances on mobile devices," the report said.
According to the report, cybercriminals have adapted quickly to every change meant to secure banking on PCs and McAfee expects attackers to bypass PCs and go straight after mobile banking apps.