Stay Safe With Mobile Banking
January 27
Recently, there has been strong concern surrounding third-party mobile banking applications. A developer named Droidheaven released a Wells Fargo mobile banking app in mid-December. Droidheaven also has a large number of other applications in the Market, mostly Android themes.
After performing static and network analysis, our research team determined that the Droidheaven application was not doing anything actively malicious; however, we continue to warn users to be extremely cautious of third-party mobile banking applications. We’ve found that the application only contains boilerplate WebView functionality pointing to Wells Fargo’s mobile web site. Additionally, the application only requests “Network communication” permissions, preventing it from performing actions typical of malware such as stealing contacts or trying to spread to people on your contact list.
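The permission check described above can be scripted as a first-pass review. This is an added example, not the research team's tooling: it assumes the manifest has already been decoded to text XML, and the `NETWORK_ONLY` and `SENSITIVE` groupings, function names and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: permissions counted as "Network communication" for this triage.
NETWORK_ONLY = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.ACCESS_WIFI_STATE",
}
# Permissions that would allow the malware behaviours the post mentions.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "can read the contact list",
    "android.permission.SEND_SMS": "can message people on the contact list",
    "android.permission.READ_SMS": "can read text messages",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for element in root.iter("uses-permission"):
        name = element.get(ANDROID_NS + "name")
        if name:
            names.add(name.strip())
    return names

def triage(manifest_xml):
    """Classify an app's requested permissions for a first-pass review."""
    perms = requested_permissions(manifest_xml)
    return {
        "network_only": bool(perms) and perms <= NETWORK_ONLY,
        "sensitive": {p: SENSITIVE[p] for p in sorted(perms & set(SENSITIVE))},
        "unclassified": sorted(perms - NETWORK_ONLY - set(SENSITIVE)),
    }

# Constructed sample manifests (not taken from any real application).
WRAPPER_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bankwrapper">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

OVERREACHING_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.banktheme">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

if __name__ == "__main__":
    print(triage(WRAPPER_APP))
    print(triage(OVERREACHING_APP))
```

A network-only result describes what the app can reach on the device, not what it does with credentials typed into its WebView.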
There are several reasons why untrusted third-party mobile banking applications are risky:
- These apps could contain malicious code that steals your bank account info and password as soon as you type them in; all of this information is easily available to the application developer.
- You also have no way of knowing whether you are being directed to a legitimate mobile banking site or a phishing site designed to look identical. On the standard browser, you can check to see whether the URL is correct and that the connection is encrypted with an appropriate certificate. In a third-party banking application, however, you can’t trust any indicators (if they exist), as those indicators can be set to display false information specified by the application’s developer.
- Applications that do nothing malicious today can easily be updated with a malicious version.
If your bank does not provide a mobile banking application, it’s easy to create a shortcut icon on your home screen that links to your bank’s mobile website.
Read on to see how to create a safe mobile banking bookmark on your home screen.






