Due to a surge in mobile banking usage, malware threats increasingly target Android banking and digital wallet apps. Although defending against malware is a collaborative effort, mobile app publishers should ensure their apps are resilient against attacks from the start.
Malware — malicious software designed to steal sensitive data or make fraudulent transactions — predominantly exploits UI functionality offered by mobile apps or operating systems to launch attacks. Common types of mobile malware attacks:
Android overlays allow an app to display content on top of another app. These “floating views” can be used for login pop-ups or alerts. However, malware can also use overlays to trick users into clicking on malicious links or granting escalated privileges, allowing them to intercept financial data or make fraudulent transactions.
Accessibility services on Android — such as automation designed for reading text aloud, filling in forms, or clicking buttons — are designed to help users with disabilities interact with their devices. Unfortunately, malware can exploit these services to steal financial data or user credentials as well, if the app is not properly protected.
A keylogger is a type of malware that records all keystrokes typed on the device, including sensitive information like passwords, credit card numbers, and other personal data. Some keyloggers also exploit Android Accessibility services to intercept keystrokes.
Malware that uses screen sharing and recording can allow an attacker to remotely view and record activity on an infected device. This type of malware often tricks the user into granting escalated permissions, which gives the attacker access to everything from passwords and credit card numbers, to private conversations and images.
While there is no easy button to completely prevent malware, combating it effectively requires a collaborative effort from all stakeholders in the mobile app ecosystem.
You can find resources on how to protect your Android apps against malware in our Mobile Application Security Research Center. Learn about common malware attack vectors, and behaviors, as well as available and recommended defense techniques you can implement yourself.
Guardsquare provides both the security expertise and customizable protection tools required to harden Android applications against malware attacks.
Our dedicated security research team routinely analyzes new and emerging threats that can impact Android apps. With these insights, Guardsquare’s customers are uniquely positioned to balance effective security with a high-quality user experience. Our research has uncovered:
Learn more about Android Malware, their common attack methods and behavior, and how to protect your app against them in our malware research on the Mobile Application Security Research Center.
