back to article Android banking malware sharply increased in the first chunk of 2021, reckons ESET

While enterprises stagger under sustained ransomware attacks, Android users are increasingly being targeted by banking malware, with Slovakian infosec firm ESET reckoning it had seen a 159 per cent increase in such malicious software over the last few months. Even though banking malware aimed at users of the Google mobile OS …

  1. johnB

    How many Android devices are secure in any case?

    As updates for Android only run for a couple pf years I'd guess most Androids are insecure by virtue of running an out-of-date OS.

    So running a banking app on Android seems a dubious practice at best. Even if the OS is currently up to date, it'll probably be no longer so by the time the device is disposed of.

    1. vtcodger Silver badge

      Re: How many Android devices are secure in any case?

      By the time a vendor has identified a vulnerability, crafted a patch, tested the fix, crafted a further patch because the first was incorrect or incomplete, tested that, and eventually distributed an update, the malware folks have probably moved on to exploiting a different vulnerability. In the current vernacular, the malware people are more agile. And they can afford to be. If their current product works poorly, there's always tomorrow. The same, unfortunately does not apply to you.

      Given the current state of internet security, it appears to me that frantically patching your software is the "Pearl Harbor" defense -- protecting yourself from the last war's technology. Not totally useless probably, but likely not very effective.

      So, what to do? AFAICS at present and for the immediate future, I'd suggest keeping your financial affairs off the internet to the greatest extent possible. Use paper and the postal service where possible. Bank physically, not electronically. If your country's consumer legal protections are weak, consider using cash or prepaid debit cards. Yes, that's inconvenient. Extremely so. But, as we say here in the states "It is what it is."

      1. katrinab Silver badge
        Megaphone

        Re: How many Android devices are secure in any case?

        Or:

        The malware authors only need to get lucky once.

        Google and the smartphone vendors need to get lucky every single time.

  2. JDPower666

    "now segments it into thirds of four months each"

    Perhaps they could make it quarters of four months. Perhaps give it a name. Something like "a month"

  3. Anonymous Coward
    Anonymous Coward

    Tongue in cheek?

    "Tongue in cheek, the firm added: “It is, however, interesting to see a real-life example of what can cause Android users to suddenly become interested in cybersecurity protection!”"

    I have witnessed millions of Android users "suddenly become interested in cybersecurity protection" due to fake virus warnings pushed by advertising companies.

    Here's just one example of a script that is used to fingerprint Android devices and then send fake virus warnings that lead to bogus "antivirus" apps on Google Play and even push malicious apk's disguised as an adblock app:

    hxxps://d2sbzwmcg5amr3.cloudfront(.)net/?wzbsd=910128

    URL scan link:

    https://urlscan.io/result/c7b9e50d-e3d5-472b-875e-c7813d986382/

    (Amazon hostmaster has been notified but I haven't heard anything back)

  4. a_yank_lurker

    Phone Banking

    Using any phone for banking has always seemed dubious to me. Too many ways things can go sideways were some miscreant can get your financial data. I personally only use a wired connection from a desktop computer to do online financial transactions and banking. Not immune but much harder to get at my information.

    1. DS999 Silver badge

      Re: Phone Banking

      It wouldn't be running Windows per chance, would it? Not sure why you would think that, or the wired connection, makes it more secure.

      1. Ken Hagan Gold badge

        Re: Phone Banking

        Compared to Android, the patching regime on a desktop (of any flavour) is far superior. The multi-user security model probably helps, too, if you are willing to use it.

      2. a_yank_lurker

        Re: Phone Banking

        Even with Bloatware as a Disservice, it is harder to intercept the signal and the device is harder to get access to and or steal. Any wireless signal can be intercepted; it is a radio signal. Depending on the quality or even the presence of encryption, the signal could be read fair easily. All phones are much easier to lose or steal and are more likely used outside the home or office than a desktop.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like