https://www.fintechfutures.com/wp-content/themes/fintech_child/assets/images/logo/fintech-logo.png
  • Home
  • COVID-19
  • News
  • Intelligence
    • Back
    • Analysis
    • Interviews
    • Features
    • White Papers
    • Case Studies
    • Surveys, Reports & Infographics
    • Webinars
    • Podcasts
    • Videos
    • Library
    • Techwire
    • Browse
  • Publications
    • Back
    • Banking Technology Magazine
    • Supplements
    • Daily News at Sibos
    • Subscribe to Magazine
  • Content Hub
    • Back
    • COVID-19: industry impact & response
    • Challenger Banks Guide
    • Food For Thought
    • I’m Just Saying
    • Through a Gen Z Lens
    • Ask The Expert
  • Videos
  • WTF? Podcast
  • Awards
    • Back
    • Banking Technology Awards
    • PayTech Awards
  • Advertise
  • Jobs
  • More
    • Back
    • About us
    • Contact us
    • Advertising / Media Kit
    • Banking Technology Magazine Calendar
    • Reports Calendar
    • FinTech Futures Newsletter
    • Events
  • FinTech
  • BankingTech
  • PayTech
  • RegTech
  • WealthTech
  • LendTech
  • InsurTech
  • US Edition
    • Intl. Edition
Banking Technology
  • NEWSLETTER
  • Home
  • COVID-19
  • News
  • Intelligence
    • Back
    • Analysis
    • Interviews
    • Features
    • White Papers
    • Case Studies
    • Surveys, Reports & Infographics
    • Webinars
    • Podcasts
    • Videos
    • Library
    • Techwire
    • Browse
  • Publications
    • Back
    • Banking Technology Magazine
    • Supplements
    • Daily News at Sibos
    • Subscribe to Magazine
  • Content Hub
    • Back
    • COVID-19: industry impact & response
    • Challenger Banks Guide
    • Food For Thought
    • I’m Just Saying
    • Through a Gen Z Lens
    • Ask The Expert
  • Videos
  • WTF? Podcast
  • Awards
    • Back
    • Banking Technology Awards
    • PayTech Awards
  • Advertise
  • Jobs
  • More
    • Back
    • About us
    • Contact us
    • Advertising / Media Kit
    • Banking Technology Magazine Calendar
    • Reports Calendar
    • FinTech Futures Newsletter
    • Events
  • US Edition
    • Intl. Edition
  • newsletter
  • FinTech
  • BankingTech
  • PayTech
  • RegTech
  • WealthTech
  • LendTech
  • InsurTech

bankingtech.com

bankingtech.com


‘Insidious’ client-side malware targets banks through customers

  • Written by FinTech Futures
  • 17th July 2015
An example of an unauthorised pop-up caused by CSIM infection

An example of an unauthorised pop-up caused by CSIM infection

Banks are at risk from a new kind of ‘client side injected malware’ attack, in which attackers install malware on the customer’s device and use it as a base to attack their bank as well as steal private information.

While man-in-the-browser attacks using injected ads, spyware scripts, unauthorised cookies and fake surveys designed to look like they are part of the bank’s website or app have been around for some time, the CSIM attack is a relatively new malware phenomenon which has grown rapidly in the last six months.

Online security company Namogoo estimates that out of the 89 million people in the US who used banking services via mobile phone last year, between 5 and 13 million of these were infected with CSIM malware. This represents an infection rate between 5% and 15%.

One of the most striking features of the CSIM attack is that because it exists solely on the consumer’s browser or device, banks may find it difficult to monitor and control.

“What many financial institutions don’t understand is that even though the malware lives on a consumer’s device, it can cause a bank to be in breach of their own privacy standards, or even worse, in non-compliance with banking laws designed to protect the customer,” said co-founder and COO Ohad Greenshpan. “Just because you can’t see it on your servers doesn’t mean it’s not attacking your website or mobile app. While you’re watching your server back doors, this new form of malware is freely entering through the new front door – the customer’s computer, smartphone or browser.”

Consumers themselves fall victim to CSIM mainly through three paths, according to Namogoo’s research into CSIM:

  • Free utility apps and browser extensions that secretly bundle in malicious software, such as free flashlights, keyboards and free screensavers
  • Unprotected routers – consumers regularly change Wi-Fi passwords but very often forget to even set the router login
  • Legitimate consumer security software and popular anti-virus products that surreptitiously download ad injectors and CSIM onto consumer devices

The company also found that CSIM increased from 5% to 20% infection rate among iOS users – a finding that it attributes to the mistaken belief that Macs and iPhones are more secure than other devices. When CSIM is installed on a user device, it runs malicious scripts that steal the user’s credentials and send sensitive data to the script owner.

Tell-tale signs of a CSIM infection include ads, product recommendations and content that would not normally be present on a banking app or website. Namagoo’s report suggests that consumers may blame the bank for the poor user experience created by this additional content, adding a reputational and user experience element to the problem. Another common method is a survey which appears to be legitimate, but is actually just a device to steal the consumer’s personal information. It is also worth being aware that if a router ‘s login credentials are compromised, all devices accessing that router’s Wi-Fi will be infected with CSIM – so it’s worth changing your router login every now and then.

Namogoo created a technology aimed at combatting CSIM attacks. It is designed to suppress all active CSIM on consumer’s computer or browser when that consumer visits a Namogoo-protected site. The company does this by sending malware injection blocking rule sets to these websites.

“This is the new frontier for malware,” said Greenshpan. “It’s insidious, it’s alarmingly intelligent and it’s coming through the path of least resistance – via innocent consumers who don’t even know they’re infected. If financial institutions expect to keep winning the malware wars, they need to come to the new frontline.”

Cyber security continues to be rated as the single largest fear of bank executives, according to a recent study published by the DTCC in May. Among others, recent cyber crime incidents include the discovery earlier this year of an online gang using the Carbanak malware which stole up to $1 billion from banks in 30 countries around the world in a series of highly-sophisticated attacks over the last two years; and the events of February 2015, when a joint international operation by Europol’s European Cybercrime Centre seized servers said to have controlled the Ramnit botnet that had infected 3.2 million computers internationally.

Tags: Cybersecurity, Financial Crime & Fraud cyber crime, cyber security, Namogoo News

Leave a comment Cancel reply

-or-

Log in with your FinTech Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related


  • Video: Top fintech stories this week - 26 February 2021
    FinTech Futures’ weekly news round-up.
  • Atom Bank plans £40m shareholder fundraise in prep for future IPO
    The bank has raised £429 million to date from eight funding rounds.
  • Former international footballer Rio Ferdinand invests in Sokin
    Ferdinand joins as a shareholder in the cross-border currency firm.
  • ICYMI funding round-up: Zolve, Symple Loans, Butn, FunGuard & more
    We highlight a series of funding rounds that may have passed you by.
  • FCA boosts data strategy with new executive hires
    Stephanie Cohen, Jessica Rusu, Sarah Pritchard, and Emily Sheppard all join the watchdog.
  • Kalifa report says UK's fintech crown at risk from waiting competitors
    To mitigate the risks posed to UK fintechs, the report lists a number of recommendations.
  • US credit builder Petal closes $125m debt facility
    Petal has closed $440 million in debt and raised $100 million in equity.
  • Lloyds spends big on tech projects as profits slump 72%
    The bank spent around £1.2bln on tech in 2020, equivalent to the profit it generated for the year.

Related Content

  • Report: The power of data analytics in fintech solutions
  • India’s central bank to stop digital platforms from storing card details
  • Subway standardises its payments over all 42,500 restaurants globally
  • Landmark pan-European payment system EPI calls on fintechs for build phase

Dock - virtual roundtables

Dock is free to attend for banks and FIs

Click here to register

Sponsorship opportunities available at Dock

Click here for more info

Magazine

Banking Technology February issue out now

10th February 2021

Banking Technology December/January issue out now

16th December 2020
view all

Webinars

Webinar: How to stop massive mobile banking fraud with app security and risk-based authentication

9th February 2021

Webinar: Deep dive on ServiceNow’s purpose built product for finserv operations

7th January 2021

Banking Tech Awards 2020 hosted online by Tom Ward

30th November 2020
view all

Reports & Surveys

Report: The power of data analytics in fintech solutions

25th February 2021

Omdia Universe 2020-21: Temenos recognised as a leader for digital banking platforms

15th December 2020

Report: Digital KYB – a springboard to customer onboarding success

30th November 2020
view all

Content Hubs

COVID-19: industry impact & response

26th June 2020

The rise of challenger banks around the world

26th June 2020
view all

Podcast

What the Fintech? | S.2 Episode 5 | Rising to the top

25th February 2021

What the Fintech? | S.2 Episode 4 | TMRW never dies: digital banking in the ASEAN

18th February 2021

What the Fintech? | S.2 Episode 3 | Israel’s mobile lending tech scene

5th February 2021
view all

Videos

It’s a matter of comms | Episode 2 | Strategy

2nd March 2021

Video: Top fintech stories this week – 26 February 2021

26th February 2021

Video: Top fintech stories this week – 19 February 2021

19th February 2021
view all

White Papers

Embedded insurance: a $3tn market opportunity, that could also help close the protection gap

4th January 2021

White paper: The business value of ServiceNow for retail banks

12th December 2020

E-book: Migration to cloud – your guide to delivering an intuitive customer experience

8th December 2020
view all

Techwire

Dividend Finance Announces the First Governance, Risk & Compliance Solution That Intelligently Links to How Companies Operate

2nd March 2021

Carpe Data Partners with Unqork to Help P/C Insurers Improve Automation, Enhance Accuracy and Reduce Costs Across Rate-Quote-Bind and Claims Solutions

2nd March 2021

Xendit Raises US$64.6 Million Series B Led by Accel to Scale Its Digital Payments Infrastructure Ushering in a New Era of Economic Security and Reliability in Southeast Asia

2nd March 2021

Bank of New Hampshire Becomes First in State to Partner with ZSuite Technologies

2nd March 2021

Best’s Review Looks at How the Pandemic Is Transforming the Insurance Industry

2nd March 2021

ACI Worldwide and the Internal Revenue Service to Offer New Tax Payment Options for Taxpayers—Including Unbanked and Underbanked Populations—with ACI Payments, Inc.

2nd March 2021

Irish-based Fintech Firm Horizon8 Launches valid8Me, The Digital Identity Vault Solution Transforming Customer Onboarding

2nd March 2021

Prepaid Financial Services Is Now Known As EML Payments

2nd March 2021
view all

Twitter

FinTech_Futures

RT @Gehanam: This week's #Vlog was suggested by a reader who a #Founder of a #startup and was interested to know more about what does a #…

3rd March 2021
FinTech_Futures

Dear Luc: Your most embarrassing fintech problems solved In Dear Luc, we answer the questions the industry's finte… twitter.com/i/web/status/1…

3rd March 2021
FinTech_Futures

#Budget2021: What does it mean for UK fintech? fintechfutures.com/2021/03/budget… #FinTech #BudgetSpeech2021 #RishiSunak #Budget

3rd March 2021
FinTech_Futures

RT @moorwand: We've launched a new segment with @FinTech_Futures! 💳 Twice a month 'Dear Luc', the payments agony uncle, will be answering q…

3rd March 2021
FinTech_Futures

London calling "Yet this is not the death knell of the City as we know it." fintechfutures.com/2021/03/london…

3rd March 2021
FinTech_Futures

.@Square finally launches bank after filing first application in 2017 fintechfutures.com/2021/03/square…

3rd March 2021
FinTech_Futures

.@Piraeus_Bank extends Antelop partnership for digital payments [@AntelopSolution] fintechfutures.com/2021/03/piraeu…

3rd March 2021
FinTech_Futures

ABA Bank picks Alessa [@AlessaRCM] system to meet new AML regulations fintechfutures.com/2021/03/aba-ba…

3rd March 2021

Dock: virtual roundtable experience like no other

18-19 May 2021; FREE TO ATTEND

US Challenger banks: who's who & what's their tech

Free to read

Banking Technology Magazine February 2021

Free digital edition

Banking Tech Awards 2020 Winners Supplement

Free digital edition

Fintech Futures
  • About us
  • Advertise with us
  • Contact us
  • Fintech jobs
  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X