Page 15 - index
P. 15
Obfuscate the assembly code and use anti-debugging tricks to make difficult the reverse
engineering of the binary.
Remove all debugging statements and symbols.
Avoid app running on jail broken/rooted devices implementing additional checks.
Conclusion
Cybercriminals go where the money is, and so, they are focusing their effort for the
development of new malicious code in apps with remote command and control channels to
cause banking fraud. In addition, these malware is able to silently monitor and divert banking-
related activities, in the majority of cases they are used to steal victim‘s banking credentials or to
bypass two-factor authentication mechanism implemented by financial organizations.
So, two factor authentication is not enough. Mobile device identification is not enough.
Antivirus and firewall on mobile don‘t really work. It‘s time we take a new and innovative
approach to mobile banking security, starting with better app development and better security
countermeasures.
16 Cyber Warnings E-Magazine – CTIA Special Edition, September 2014
Copyright © Cyber Defense Magazine, All rights reserved worldwide
