Sanctions in the field of online banking – a new “gold mine” for fraudsters
Kaspersky Lab is fighting an epidemic of fake applications.
Kaspersky Lab has revealed a new scam that uses remote access programs. Attackers disguise malware as banking applications, distribute it via instant messengers, and try to gain control over devices running the Android operating system.
“Even last year, judging by the reviews on Google Play, in order to force the victim to find and download a certain program for remote access in the store, the attackers invented a variety of tricks. For example, they referred to the fact that the application was renamed allegedly due to sanctions, so it has nothing to do with this or that bank. They tried to intimidate victims, saying that only with this application would the data be safe or that it is necessary so that no other device can connect to the client’s personal account. There were other reasons: allegedly they tried to get a loan for the user, and in order to cancel the operation, you need to use the bank support service software. We do not rule out that similar legends could be used by attackers when they began to distribute already modified versions of programs for remote access,” said Dmitry Kalinin from Kaspersky Lab.
According to experts, about a hundred such attacks have been prevented over the past 11 days.
“Attackers copy legitimate remote access apps, one of which is also on Google Play, but deliberately mislead people by modifying them. They change the very name of the programs and icons, add the name and visual of the desired bank, as well as inscriptions in some text fields. Legitimate applications are open source programs, so it was not difficult for attackers to create fake applications based on them,” Kalinin added.
According to Kaspersky Lab, the criminals first contact people under the guise of a bank support service. The victim is then persuaded to download a fake “support app” that is sent as an installation file. If the user installs this file, the only thing left for the scammers is to obtain the necessary information for remote access to the smartphone. Control over the device allows the attackers to log in to the victim’s real bank account and steal funds.
Huge sums have already been stolen in this way. According to the Central Bank of Russia, in the first quarter of 2023, social engineering, under which this method falls, accounted for 50.5% of all cases of theft. Criminals stole 4.5 billion rubles through unauthorized transfers, of which banks were able to return only 860 million.
Interestingly, the method’s popularity increased after some major apps were removed from the App Store and Google Play due to sanctions. Attackers took advantage of the inconvenience experienced by bank customers.
“In 2022, fraudsters began to actively use social networks and mobile applications to steal money,” the Central Bank confirmed. From February 28 to December 31, 2022, the Central Bank initiated the blocking of 1,942 pages on the social networks VKontakte and Odnoklassniki and 23 mobile applications in the App Store, Google Play and other stores.