Banking Trojans Threaten Payment Credentials

Banking Trojans Compromise Credit Card Details

Another report about banking trojans has surfaced.

Cybersecurity threats have become commonplace, and they’re garnering a lot of attention, for good reason. The rapidly growing world of cyber criminals poses a threat to virtually every industry, with payments leading the way.

Where payments and cyber hacks have really taken center stage is with the many banking trojans that threaten the card on file landscape. Just this week, on Dec. 19, reports of another major banking trojan infecting the space hit the newswires when a banking trojan called Faketoken began getting the attention of security experts.

What’s unique about this type of Android trojan, as opposed to the mobile banking trojans the industry has become accustomed to, is that it now comes equipped with file-encryption features that take old-school hacking to a new level.

Here’s how it works, according to Kaspersky Lab researcher Roman Unuchek.

The trojan creates fake login screens for various financial apps and uses them to steal login credentials. The app is also equipped with phishing pages that can steal credit card details, which is where the real threat to the card on file space comes into play. That’s because storing banking logins in apps and mobile browsers is the norm in consumer behavior today.

The Card On File Ecosystem Threat

Kaspersky researchers believe the creator of this trojan has also used it to encrypt files stored on a user’s phone SD card in order to gain more of the details needed to hack mobile banking apps. It has reportedly infected more than 16,000 devices across 27 countries.

“Once the relevant command is received, the Trojan compiles a list of files located on the device (external memory, memory card) corresponding to the given list of 89 extensions and encrypts them,” Kaspersky Lab researcher Roman Unuchek wrote in a blog post. “The AES symmetric encryption algorithm is used, which leaves the user with a chance of decrypting files without paying a ransom.”

Of course, this isn’t the only mobile banking trojan threatening the card on file ecosystem. Researchers have discovered another trojan, called Tordow 2.0, that also encrypts files, steals login credentials and manipulates banking data.

And that’s just the tip of the banking trojan iceberg. 

Growing Payments Threats

When it comes to card on file security, everyone in the payments ecosystem is concerned about apps and web browsers that store payment credentials. There is, of course, still the growing threat to payment credentials posed by card data stored in systems. Card on file threats have taken this concern to the next level.

That’s not to say there aren’t plenty of threats impacting the physical payments world. In fact, in November 2016, Madison Square Garden experienced an attack on its payments system.

How do these types of threats often happen? Virtual skimmers. Not only are the payment apps that store payment credentials a threat when data gets hacked, but entire payments systems are regularly vulnerable to hacks.

While not every attack on payments systems ends up impacting the consumers’ credit cards that were stored in those systems, it certainly shows where the vulnerabilities exist in today’s world of cybersecurity hacks, where hackers have more outlets than ever to breach consumers’ credentials.

The other problem with these types of breaches (and Madison Square Garden is certainly not alone) is that when a major company is breached, it’s often unknown just how many consumers are impacted and what measures need to be taken to fully prevent the same attack from occurring in the near future. The same goes for card on file breaches.

Although the world of cyber attacks, credit card breaches and mobile banking trojan threats is only likely to grow, what’s really going to catch everyone’s attention in the card on file ecosystem is how companies and software makers execute on security measures to keep those payment credentials as safe as possible.

At least until another threat enters the market.