"From our vantage point, there’s little doubt that mobile apps have become the newest area of extreme vulnerability for financial organizations, leaving them exposed to fraud, security breaches, and other acts of piracy. With users moving in droves from PCs and laptops to smartphones, it is inevitable that malware will migrate to the new device of choice, and in rapid succession.
The stats bear this out: for example, RSA detected 350,000 malicious Android app samples in 2012, up from just 1,000 in 2011. Banking trojans found on the desktop have morphed to mobile attack mode: the Citadel trojan, one of the fiercest banking attacks online, was modified to become CitMO (Citadel-in-the-Mobile), a worm that can install itself on Android devices and intercept one-time passwords and authentication messages sent by a bank to a mobile device." Continue Reading