If you’re worried about the security of mobile banking, you’re not alone. Mobile banking apps use a wide array of complicated passwords, biometric tools (like thumbprint or facial scanning), and two-factor authentication to make sure you’re you before “you” try to mess with your money. But preventing anyone from being able to guess how to log in to your account does no good if your phone’s got malware on it that gives would-be baddies a wide-open back door.
As the Wall Street Journal reports, the presence of mobile malware designed to steal banking credentials is on the rise.
The software, including programs like Acecard and GM Bot, has drawn the attention of both the FBI and U.S. banking regulators, according to the WSJ.
There’s just not as much money in stealing credit card numbers anymore, as the seeming inevitability of wide-scale retail breaches means the market is oversaturated with stolen cards. Even criminal markets are subject to the law of supply and demand, and so that card data is, on average, just not worth as much to the criminal trying to sell it.
That means the enterprising digital thief needs to take a new approach.
This particular kind of malware spreads when a phone user opens a loaded text or advertisement. It then sits around on your phone until you open one of the targeted banking apps.
When you do open your banking app, the software creates a customized overlay — a fake front — that lets it grab the credentials you put in as you put them in. And boom: your password’s stolen. According to the WSJ, Acecard alone has those overlays ready for 50 of the biggest banking apps.
Phones are considered particularly vulnerable, because there are so many ways to get someone to open a link and so few users — not even a third, overall — use any kind of antivirus or anti-malware software.
So how can you protect yourself?
Know what your banking apps should look like, and don’t use them if anything about them looks “off.” Keep an eye on your statements and let your bank send you alerts for any unusual transactions. Try to avoid clicking any link that you don’t recognize, especially in strange texts — and consider trying one of the many free, reputable protection options for your phone.
Mobile Bank Heist: Hackers Target Your Phone [Wall Street Journal]
Editor's Note: This article originally appeared on Consumerist.