CFOtech Asia logo
Technology news for Asia's CFOs and financial decision-makers
Story image

Malicious Android apps targeting Malaysian bank customers

Researchers at cyber security firm ESET have analysed three malicious Android applications targeting customers of eight Malaysian banks.

To make a profit off customers who have increasingly turned to online shopping during the pandemic, cybercriminals are tricking these eager shoppers into downloading malicious applications, the company says.

In an ongoing campaign, the threat actors are trying to steal banking credentials by using fake websites that pose as legitimate services, sometimes outright copying the original. These websites use similar domain names to the services they are impersonating.

"To make the already couch-friendly approach of online shopping even more convenient, people are increasingly using their smartphones to shop," says  says ESET researcher Luk tefanko, who analysed the malicious applications.

"Smartphone purchases make up the majority of online shopping orders most of them from vendor-specific applications," he says.

This campaign was first reported at the end of 2021, with the attackers impersonating the legitimate cleaning service Maid4u. Distributed through Facebook ads, the campaign tempted potential victims to download Android malware from a malicious website. In January 2022, MalwareHunterTeam identified three more malicious websites and Android trojans attributed to this campaign. Recently, ESET researchers found four additional fake websites. All seven websites impersonated services that are only available in Malaysia.

The copycat websites do not provide an option to shop directly through them. Instead, they include buttons that claim to download apps from Google Play.

However, clicking these buttons does not actually lead to the Google Play store, but to servers under the threat actors control. To succeed, this attack requires the intended victims to enable the non-default Install unknown apps option on their devices.

When the time comes to pay for the order, the victims are presented with payment options they can pay either by credit card or by transferring the required amount from their bank accounts.

At the time this research was active, it was not possible to select the credit card payment option.

After picking the direct transfer option, victims are presented a fake FPX payment page and asked to choose their bank out of the eight Malaysian banks provided, and then enter their credentials. After the victims submit their banking credentials, they receive an error message informing them that the user ID or password they provided was invalid.

At this point, the entered credentials have been sent to the malware operators. To make sure the threat actors can get into their victims bank accounts, the fake e-shop applications also forward all SMS messages received by the victim to the operators in case they contain Two-Factor Authentication (2FA) codes sent by the bank.

"While the campaign targets Malaysia exclusively for now, it might expand to other countries and banks later on," says tefanko.

" At this time, the attackers are after banking credentials, but they may also enable the theft of credit card information in the future," he says.

"ESET Research has found the same malicious code in all three analysed applications, leading us to conclude that they can all be attributed to the same threat actor."

To protect yourself against this type of threat, first, try to ensure that you are using legitimate websites to shop:

  • Verify if the website is secure, i.e., its URL begins with https://. Some browsers might even refuse to open non-HTTPS websites and explicitly warn users or provide an option to enable HTTPS-only mode.
  • Be wary of clicking on ads and paid search engine results
  • Pay attention to the source of applications you are downloading. Make sure that you are actually redirected to the Google Play store.
  • Use software or hardware 2FA instead of SMS when possible and use mobile security solutions.
Related stories
Top stories
Story image
Digital Transformation
Kyndryl announces Kyndryl Bridge to drive business growth
Kyndryl Bridge uses operational data patterns and IP to improve and accelerate its AI-powered analytics and business objectives
Story image
Business Intelligence
IDC finds the majority of executives expecting a recession
59% of respondents believe 2023 will be a recession year. Of these, nearly 30% believe we are amidst a recession. Another 26% expect a recession in later 2022.
Story image
Digital Transformation
Smartsheet reveals new product innovations during Engage
New features on data visibility, project control and third-party solution integration are in store for local Smartsheet customers.
Story image
Digital Transformation
Ensono delivers cloud economics with engineering resources
The new service offers access to global cloud engineering and DevSecOps experts focused on accelerating digital transformation.
Story image
Digital Transformation
Alibaba Cloud unveils roadmap for international business
The Chinese firm commits US$1 billion to boost ecosystem capabilities while showcasing new products and comprehensive customer support for complete services.
Story image
Digital Transformation
Air Liquide successfully deploys Workday HCM across APAC
Air Liquide has successfully deployed Workday Human Capital Management (HCM) to digitally transform its HR processes and capabilities throughout Asia Pacific.
Story image
Software-as-a-Service
TinyML SaaS to become a billion-dollar market by 2030
ABI Research forecasts that TinyML SaaS revenue will exceed US$220 million in 2022 and potentially become a billion-dollar market by 2030.
Story image
Digital Boost Alliance
Digital Boost Alliance celebrates one year of digital acceleration in Aotearoa
The Digital Boost Alliance is a joint public-private initiative that supports the uptake of digital tools for small businesses, communities, and individuals.
Story image
Fintech
Why it makes sense to turn your finance function into a powerful business asset
Giving the members of your finance team the chance to develop professionally is good for their careers and your business.
Story image
Artificial Intelligence
Artificial Intelligence in cybersecurity - Future Market Insights
It is projected that revenue through the software segment in the AI in the cybersecurity market will grow at 15.8% CAGR during the forecast period. 
Story image
Digital Transformation
Nintex Promapp mobile app to deliver process-in-your-pocket
Nintex launches the Nintex Promapp mobile app, enabling users to gain efficiencies via process management, irrespective of their location.
Story image
Cloud
UiPath strengthens Snowflake partnership, launches integration
UiPath and Snowflake are enabling joint customers to design and build workflows based on 360-degree views of data on Snowflake’s platform.
Story image
Cloud
Frost & Sullivan recognises Tata Communications with five awards
Frost & Sullivan has recognised Tata Communications with the 2021 Indian Company of the Year Awards in five categories: managed security, SD-WAN, cloud interconnect, multi-cloud, and video managed services.
Story image
Cloud platforms
Salesforce partners with Snowflake and introduces ‘Hire Me’ button
According to a recent Salesforce report, 73% of customers expect companies to understand their unique needs and expectations
Story image
Artificial Intelligence
CUE Group expands operations at its Singapore hub
The Singapore-headquartered digital technology group has doubled down on its expansion into the Southeast Asian region.
Story image
Satellite technologies
Kacific wins big at the World Business Outlook Awards
The Kacific Group has been recognised in the World Business Outlook Awards for providing high-quality broadband services and infrastructure throughout APAC.
Story image
Tech job moves
Tech job moves - Accenture, Cohesity, Commvault & SnapLogic
We round up all job appointments from September 12-16, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Sustainable IT
IBM LinuxONE servers help clients reach sustainability goals
IBM has unveiled the next generation of its LinuxONE server, a highly scalable Linux and Kubernetes-based platform intended to support thousands of workloads in the footprint of a single system.
Story image
Digital commerce
VTEX and Adyen partner to extend unified commerce experience
"Through our partnership we are creating an all-in-one place that allows sellers to meet customers where they are in the buying process and unlock opportunities."
Story image
iOS
Microsoft announces a variety of new updates to Windows 11
The company says that ​last year’s launch of Windows 11 gave the PC a new outlook and that customer feedback has reflected that it is the most loved version of Windows ever.
Story image
Future Tech
Top seven CIO disruptions highlighted by Gartner
CIOs need to consider “what if” scenarios to avoid being blindsided by social, behavioural and technological disruptions, according to Gartner.
Story image
Appointments
Tech job moves - Atturra, Boomi, Kacific & Milestone Systems
We round up all job appointments from August 30 - September 9, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Subscriptions
Denodo launches subscription options for mid-sized orgs
Denodo has announced two new subscriptions of its Denodo Platform that are designed to help mid-market businesses.
Story image
Cybersecurity
Cyber security incidents more common in APAC - report
Chief financial officers in the Asia Pacific are woefully uninformed about their company's cyber security risks, according to a new report.
Story image
Artificial Intelligence
Singapore businesses fall behind in meeting customer expectations
Singapore businesses lag behind in their ability to act on customer feedback, and the speed at which they address it, according to Zendesk.
Story image
Verizon
Cybersecurity threats finance sector facing more cunning
The financial sector continues to be victimised by motivated organised crime, with servers being involved in 90% of financial breaches.
Story image
Data Privacy
Asia’s data privacy landscape is ‘coming of age’ – how can businesses cope?
Identity theft and online fraud are becoming more prevalent than ever. A recent IBM study revealed that stolen or compromised credentials were responsible for 19% of data breaches this year.
Story image
Digital Transformation
The need for digital transformation frameworks today
A digital transformation framework is a formalised plan for how, when and what strategic upgrades a company should make to core systems and processes.
Story image
Ransomware
Absolute recognised in KuppingerCole Leadership Compass 2022
The company's Absolute Secure Access was recognised for its ability to protect users and resources while improving the remote worker experience.
Story image
Customer Relationship Management
Remarkable Group announces latest specialist agency, Unify
As a specialist agency, Unify uses connected data to help companies utilise information to drive smarter business decisions, grow sales and improve CX.
Story image
Data analytics
Bluesky launches Snowflake innovation to optimise workloads
Bluesky has formally launched with its first product that provides greater visibility into Snowflake workload usage and costs.
Story image
Digital Transformation
Nanyang Technological University Singapore builds digital brand presence
Leveraging the customisation features of Sitefinity DX, non-technical users could upload content and create design pages and boost work productivity. 
Story image
Artificial Intelligence
Industrial cybersecurity market to be US$43.5 billion by 2032
The global industrial cybersecurity market is expected to be worth US$20.7 billion in 2022, rising to US$43.5 billion by 2032.
Story image
Cloud
MES software investment to reach $5.4 billion in 2031 - report
ABI Research predicts that MES software will reach US $5.4 billion in 2031 as manufacturers embrace new offerings that foster greater productivity.
Story image
Software Defined Wide Area Network
ConvergeOne a Cisco Gold Partner, receives Powered Service designations
ConvergeOne has once again achieved Cisco Gold Partner status as well as Powered Service designations across Cisco SD-WAN, Managed Business Communications, and Managed Unified Contact Center.
Story image
Cloud
Banking-as-a-Service to hit mainstream within two years
Some 30% of banks with greater than $1bn in assets will launch BaaS for new revenue by the end of 2024, but half will not meet revenue expectations.
Story image
Machine learning
Oracle announces MySQL HeatWave for Amazon Web Services
MySQL HeatWave is a service that combines OLTP, analytics, machine learning, and machine learning-based automation. 
Story image
Data
Businesses still losing mission-critical company data
The loss of critical data continues to disrupt businesses and remain an issue for organisations, according to a new study from Arcserve. 
Story image
Business
Accenture solutions help companies promote diversity, inclusion and equity
Research from experts at Accenture and other third-party sources has revealed some alarming statistics about employees' professional wellbeing and work attitude.
Story image
Transparency
LexisNexis shines light on need for financial inclusion
The survey of banks, insurers and non-bank financial institutions aims to better understand financial institutions' commitment to financial transparency.