Android Trojan targets customers of banks in the US, Europe
A faked malicious Flash Player Android app drives device holders to grant it device administrator rights via a fake Google Play service. The phishing routine is run by overlaying a screen with the fake forms and stolen graphics over the legitimate app. Once the device holder opens one of 94 different mobile banking apps or a number of other popular social networking or messaging apps, it asks for payment card details and online banking credentials.
Original source: Help Net Security. Read the full article >>>
The IntactPhone Protection
Yes, it is a simple phishing routine, but many device holders fail to understand apps’ vulnerabilities and almost automatically install apps they like. The need to eliminate careless use is evident.
Here is how IntactPhone eliminates the possible impact of phishing routines:
IntactPhone does not enable access to Google Play.
All app installations are managed via the Command and Control center policies.
IntactPhone offers a global app store with safe apps, approved by cyber security experts.
IntactPhone does not use Google services of any kind.
IntactPhone supports granular apps permission management, including sending faked data.
IntactPhone provides the ability to completely block adding device administrators, thus mitigating this attack vector.
At times, the most simple phishing routine does the most damage. IntactPhone does not allow it.