Context: According to a recent study, more people are inclining toward digital payments and there is a rise in the number of people’s interactions with their bank or bank accounts happen through their smartphones.

• Global cybersecurity firm has recently warned of an increase in cyberattacks on Android and iOS devices in the Asia Pacific (APAC) as more people switch to mobile banking in the region.

Key highlights

• COVID-19 pandemic made a lot more people switch to digital modes of payment instead of transacting with cash which increased threat of cyberattacks on mobile devices.

• Mobile banking Trojans are dangerous malware that can steal money from mobile users’ bank accounts by disguising the malicious application as a legitimate app.

• A Trojan is a malicious code or software that looks legitimate but can take control of your device, including smartphones.

• There are two prominent malware campaigns that operate in the Asia Pacific region and target smartphone users in several countries.

Anubis

• It is a mobile banking trojan.

• It has been targeting Android users since 2017.

• It has continued to be one of the most common mobile banking trojans with one in 10 unique Kaspersky users encountering a banking threat from the malware.

How it works ?

• The perpetrators infect the device through legitimate-looking and high-ranking malicious apps on Google Play, smishing (phishing messages sent through SMS), and BianLian malware.

Roaming Mantis

• It is a malware targeting mobile banking users.

• It attacks Android devices and spreads the malicious code by hijacking domain name systems (DNS) through smishing exploits. 

• It is known for targeting Android devices, but it has recently targeted the iOS users.

How it works?

• The group targets users by sending smishing texts with a short description and a URL landing page.

• If a user clicks on the link and opens the landing page, they are redirected to a phishing page.

• Once the individual inputs their login credentials and proceed to the two-factor authentication, the attacker gets to know the user’s device and login details.

Issues related Interoperability 

• Mobile payment platforms have benefited from the shift in consumers’ adoption of mobile banking.

• They are operating in a closed-loop payment world where a Google Pay user can send money to another bank account via only the it’s payment platform.

• It is similar to how Visa and Mastercard operate as they let payment transactions happen only within their own networks, not between each other.

• Some countries are already making payment platform providers change their business model.

• China has ordered its internet companies to offer their rival firm’s link and payment services on their platforms.

• In India, a new law demands all licensed mobile payment platforms to be capable of providing interoperability between wallets.

• The push from regulators to make payment platforms interoperable comes at a time when the banking industry is facing a severe shortage of technical experts.

• The shortage of technology, engineering, data and security experts needed by banks to realise their digital aspirations.

• The lack of adequate cybersecurity and the dearth of talent in banking could potentially lead to a further rise in cyberattacks on user devices.

Road Ahead

• Usual practice of digital hygiene like keeping the phone up-to-date and rebooting regularly can be done.

• Further, consumers can ensure that they use their phones for banking only when the device is connected to a secure VPN (VPN stands for "Virtual Private Network" and describes the opportunity to establish a protected network connection when using public networks) and iOS 16 users can turn on Lockdown Mode as it limits the device’s functionality and protects it from any potential malware.