Anatomy of a Hack - Mobile Banking Applications


One of the things that we do at Easy Solutions to help protect banks from fraud is passively monitor paste sites, social media sites, and the black market. We see all kinds of crazy things, and we wanted to share this example. In the case below, we found what appeared to be source code for one of our client's mobile banking apps. We pay attention to this kind of thing because evidence that source code has been published can lead directly to increased attacks, especially as they relate to mobile apps.

Image 1 - An attacker publishes the source code for a banking application

The process for obtaining the code is fairly simple, using tools such as dex2jar and APK Multi-tool. The dex2jar tool reverse-engineers the APK and returns the application's source code. APK Multi-tool provides all of the application's resources and configuration settings.


Image 2 - View of the code obtained after using dex2jar


Image 3 - APK Multi-tool debugs the app and returns all the resources.

The threat vector that we are looking for is a surge in fake mobile banking apps that have been recompiled to include special functionality that records login credentials and presents extra challenges to the user for additional information such as SSNs, DOBs, PINs, etc. These applications are frequently found in one of the hundreds of Android app stores on the Internet. It is important to keep an eye out for precursor activity like this, which might lead to direct attacks against customers down the road.
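One way to triage an app found in a third-party store, shown as an added example that is not code from the original post: compare it entry by entry with the bank's official release of the same version. The function names and the in-memory sample archives are constructed for illustration, and the signing check assumes v1 (JAR) signature files under META-INF/.

```python
import hashlib
import io
import zipfile

def entry_hashes(apk_bytes):
    """Map each entry name in an APK (a ZIP archive) to the SHA-256 of its content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return {i.filename: hashlib.sha256(z.read(i)).hexdigest()
                for i in z.infolist() if not i.is_dir()}

def compare_to_official(official_apk, candidate_apk):
    """Diff a candidate APK against the official release of the same version."""
    ref, cand = entry_hashes(official_apk), entry_hashes(candidate_apk)
    report = {
        "added": sorted(cand.keys() - ref.keys()),
        "removed": sorted(ref.keys() - cand.keys()),
        "changed": sorted(n for n in ref.keys() & cand.keys() if ref[n] != cand[n]),
    }
    touched = report["added"] + report["removed"] + report["changed"]
    # Recompiled code shows up as new or different classes*.dex entries.
    report["code_modified"] = any(n.endswith(".dex") for n in touched)
    # A re-signed package shows up as changed or renamed files under META-INF/.
    report["resigned"] = any(n.startswith("META-INF/") for n in touched)
    report["suspicious"] = report["code_modified"] or report["resigned"]
    return report

def build_sample_apk(entries):
    """Build a constructed, APK-shaped ZIP in memory (sample data, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed sample inputs standing in for the official and the found APK.
OFFICIAL = build_sample_apk({
    "AndroidManifest.xml": b"manifest-v1",
    "classes.dex": b"official bytecode",
    "res/layout/login.xml": b"login layout",
    "META-INF/CERT.RSA": b"bank signing block",
})
REPACKAGED = build_sample_apk({
    "AndroidManifest.xml": b"manifest-v1 plus extra permission",
    "classes.dex": b"official bytecode plus added class",
    "res/layout/login.xml": b"login layout",
    "res/layout/extra_challenge.xml": b"added form",
    "META-INF/OTHER.RSA": b"unknown signing block",
})
```

On real files, pass the bytes of each `.apk` to `compare_to_official`, and confirm the signer separately with `apksigner verify --print-certs`, since newer signature schemes are not stored as ZIP entries.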

 
