Malware can now Steal Bank Data Sent by SMS

Cybercrime has become a cause of concern worldwide! 2013 is expected to be even worse for mobile users! Virus code writers have been developing several malicious Android apps, specifically to steal Mobile Transactions Authentication Numbers. These malicious apps uses a variant of the banking malware (Carberp) to target customers of different banks.


The numbers, better known as mTANS ( abbreviated form) are unique numbers generated by banks and sent to their respective customers via SMS’s. Many banks rely on mTANs. They use it as  security mechanism to prevent money transfer from compromised online banking accounts.

How does mTANs work

Whenever a transaction is being made from an online banking account, the bank after generating a  secret code sends it to its respective customer. The secret code is called mTAN and is sent to the requested person’s phone number via SMS. The account holder then simply has to enter that code back into the banking website for authorizing the transaction, says Secure List in its Monthly Malware Review.

Although considered as safe, cyber criminals have successfully developed a method for overcoming such a hard-to-beat defense too. They have created malicious mobile apps that modify the transaction so that user credentials are sent to a malicious server rather than a bank server.

Online banking has become very popular and banks are actively promoting online banking with various authorization methods. Naturally, mobile users are compelled to download and install such apps on their phones when they visit the online bank websites – thereby, offering cyber criminals a chance to attack financial institutions and banks in particular.

Posted by with Tags
The author Hemant Saxena is a post-graduate in technology and has an immense interest in following Microsoft and other technology developments around the world. Quiet by nature, he is an avid Lacrosse player.