Russia’s Central Bank has warned of hackers targeting banks’ mobile apps

 The Central Bank of Russia has warned of the emergence of a group of hackers investigating vulnerabilities in banks’ mobile applications.

The Bank of Russia has detected a shift in hackers’ attention from the banking infrastructure to customers’ financial mobile applications in order to steal data or money from their accounts. The regulator suggests that a highly skilled hacker group has emerged in the financial market specializing in the deep analysis of mobile applications in order to detect and exploit weaknesses and vulnerabilities.

The survey is based on information exchange between the Central Bank and financial market participants. 818 organizations, including 365 banks, are currently included to it.

“The data available to the Bank of Russia suggests the emergence of at least one group of attackers focused on the skilled hacking of financial mobile applications,” the survey said.

The Central Bank cited two examples in which cybercriminals discovered vulnerabilities in mobile apps and used them for hacking. As a result, in the first case, a server containing files with the personal data of a bank’s customers – more than 100,000 lines – was published on the Web: Name, gender, mobile phone number, email address, place of work, account and bank card number, account type, currency. In the second case, the hackers managed to steal money by logging into the bank’s mobile app and, when making a transfer, substituting their account number with that of another bank customer, who became the victim.

“These two examples are not the only cases of attacks on mobile applications of financial institutions that have occurred recently,” the review specifies. In this regard, the Central Bank has recommended banks to strengthen the protection of mobile components of remote service systems.