According to a report by The Hindu BusinessLine, the US-based security research firm FireEye claims that seven banks in India have compromised mobile apps. The mobile apps from these banks were infected by malware and can steal sensitive information.

The firm has tracked such incidents that affected banks in Ukraine, Ecuador and India, with losses totalling more than $100 million.

“We have found mobile apps of seven large banks in India infected with malware that has the capability to steal user credentials. We have informed the banks about the same,” Raman said, without disclosing the names of the banks to prevent misuse of the vulnerabilities.

Raman said that while the security deployed by banks in India has improved over the years, hackers seem to be moving faster and banks are merely playing catch-up.

The two types of malware found on the banking apps include Webinjects and Bugat. While Bugat is a credential theft malware, Webinjects can do a lot more damage, giving hackers the permissions to dynamically alter what a smartphone displays on its screen that makes it a lot easier to trick victims.

“As India’s digital payment systems handle more transactions, they will become more lucrative targets,” Vishal Raman, India Head at FireEye told BusinessLine.

India has been on a path to digitisation of it’s banking system and along with the latest demonetisation move, more and more transactions are made per day. RBI has said that digital payments via UPI have surged by 20% in the month of March itself.

Source: BusinessLine