Device fraud is on the rise, according to a new report on mobile malware


“The most worrying leitmotif is the increasing attention to On-Device Fraud (ODF),” Dutch cybersecurity company ThreatFabric said in a report shared with The Hacker News. “Just in the first five months of 2022 there has been an increase of more than 40% in malware families that abuse Android OS to perform fraud using the device itself, making it almost impossible to detect them using traditional fraud scoring engines.”

As a combination of new and existing banking trojans increasingly targets Android smartphones to perform on-device fraud (ODF), an analysis of the mobile threat landscape in 2022 indicates that Spain and Turkey are the most targeted countries for malware operations. Poland, Australia, the United States, Germany, the United Kingdom, Italy, France, and Portugal are also regularly targeted.


  • To make matters worse, the banking trojans have also been observed constantly updating their capabilities, with Octo devising an improved method to steal credentials from overlay screens even before they are submitted. “This is done in order to be able to get the credentials even if [the] victim suspected something and closed the overlay without actually pressing the fake ‘login’ present in the overlay page,” the researchers explained.

  • Hydra, FluBot (aka Cabassous), Cerberus, Octo, and ERMAC were the most active banking trojans based on the number of samples observed during the same period. Accompanying this trend is the continued discovery of new dropper apps on the Google Play Store that pose as seemingly innocuous productivity and utility applications to distribute the malware. What’s more, on-device fraud, which refers to a stealthy method of initiating bogus transactions from victims’ devices, has made it feasible to use previously stolen credentials to log in to banking applications and carry out financial transactions.

Last year, Google attempted to tackle the problem by ensuring that “only services that are designed to help people with disabilities access their device or otherwise overcome challenges stemming from their disabilities are eligible to declare that they are accessibility tools.”

ERMAC, which emerged last September, has received noticeable upgrades of its own that allow it to siphon seed phrases from different cryptocurrency wallet apps in an automated fashion by taking advantage of Android’s Accessibility Service. Accessibility Service has been Android’s Achilles’ heel in recent years, allowing threat actors to leverage the legitimate API to serve unsuspecting users with fake overlay screens and capture sensitive information.

