Latest Android banking malware threat intel and detection

29 August 2017
12:00 - 17:00
The Hague Security Delta Campus, Wilhelmina van Pruisenweg 104, 2595 AN The Hague
Securify B.V.


1) Latest Android banking malware threat intel

Since early 2014, mobile banking malware has been on the rise. This type of malware currently targets only the Android platform because of its large market share (>85%) and open ecosystem, in which it is relatively easy to infect devices.

The details usually differ for every attack, especially between different malware families, but the infection vector has remained the same: either trick the user into installing a malicious application from the Google Play Store, or (through some elaborate social engineering) trick the user into installing an application directly from the attacker’s server.

Once the device is infected, many things can happen. So far, all banking malware shares the same attack vector: when the user opens a targeted application, the malware shows a screen asking either for information specific to the targeted app (like login credentials) or for a generic “please give your credit card details” input. If the user fills in the requested information, it is sent to the attackers, who can then use it to commit financial fraud.

Interested in the latest Android banking malware threat intel? Come to our event and we will share the latest modus operandi of Bankbot, Marcher and Mazar 3.0 to contribute to a safer ecosystem which benefits everyone.

2) Protect your Android users

CSD for Android is an Android library created by Securify that can be integrated easily into any existing Android app. One of the features of the library is that it detects overlays projected over the running app (the malware's attack vector). Such a detection triggers an alert, which is sent to the CSD server, where it can be judged by a malware analyst and (automatically) forwarded to any fraud analysis system. Using YARA rules, the overlay trigger (or the detection of other suspicious behaviour) can be combined with other variables to lower false positive rates and make fraud detection more effective.

Securify will provide a working demo of all core and unique features of the Android library and detection portal, and there will be time to ask our malware experts questions. Don't miss it!
