"previously unseen tricks,"
Unseen that is outside of Fort Meade.
Cybercrooks have brewed up a malicious Android app that bundles a raft of banking fraud tricks into a single strain of mobile malware. The Secluded HijackRAT is banking trojan that packs together new and previously unseen tricks, according to net security firm FireEye. The mobile nasty combines private data theft, banking …
Just say NO to banking apps on And[r]oid
No, this is NOT intended as a troll-ish "FTFY" thing. Say everyone starts saying no to banking apps - what happens? The bad guys move on to some other type of app where they can continue to profit - do we then boycott this newly target type of app? And what then? Boycotting will not solve the issue, merely shift it to another place.
The root cause is lack of education of owners. Think about it - when someone buys a new PC these days, they are automatically prompted to get some kind of antivirus. If the same philosophy were applied to Android phones - say a walkthrough on start-up briefing the new buyer on permissions and security, I'd be willing to bet we'd see a significant drop in infection rates.
Surely the best way to stop attacks on banking apps is to simply restrict what you can do with them.
Even if I logged someone in to my banking app, the most they could do is inconvenience me a little. All I can do with it is move money between my accounts and pay money to payees already set up via the main banking website. I cannot create payees using the app. And that suits me fine. The worst anybody could do is pay off some money off my credit card or mortgage, or transfer to another bank account of mine. Irritating to me, but, worthless to a thief.
Security by lack of functionality, perfect.
This post has been deleted by its author