It has come to light that pirated phone applications are now being used to hack into personal details, including photographs and bank credentials, of mobile phone users. With the help of malware implanted in them, hackers are accessing mobile wallets and banking applications on people’s mobile phones.
This has become a cause for concern as online transactions have increased in the wake of demonetisation, and the number of such malware entering mobile phones are also on the rise, experts have said. The victims are also led to malware implanting websites through links sent through WhatsApp messages.
Pavan Duggal, Supreme Court advocate specialising in cyber law, said that the number of cases pertaining to mobile wallets being comprised in Bengaluru itself has gone up. “In the wake of demonetisation, breaches in cyber security have increased,” he said.
How it works
Mobile users should be aware that the malware, including ransomware, keylogger and coat-trailing trojans, can be transmitted through the applications. “These malwares infiltrate the mobile phones and computers too,” said N. Vijayshankar, cyber security expert. They point out that there are three methods in which a phone or laptop can get compromised by a malware – via an application-led attack, through browsers or through Internet networks like free Wi-Fi.
“Once a malware such as ransomware is implanted in the phone, it either locks the phone or encrypts the data. Important data like photos, bank details and other information can be stolen,” said Kapil Awasthi, security evangelist, Checkpoint, India, a cyber-security company.
With the increase in digital payment mechanisms, ransomware operators can be expected to launch more attacks. “Earlier, laptops used to be the targets for malware. Now, even mobile phones are targets. In the last eight months, we have seen desktops, which are behind layers of security in an organisation, also being attacked by ransomware,” he said.
Once locked or encrypted, the hackers demand a ransom. “Most often the payment has to be through bitcoins. However, the ransom is most often an amount that is affordable by the victim,” added Mr. Awasthi.
Meanwhile, the key logger malware captures the key strokes and in this manner steals the credentials. The accompanying trojan on the other hand enters a particular site, like that of a bank, when the victim logs in and then transfers the money into different accounts.
Laws needed
Mr. Duggal added that there is a need to have a proper legal framework to assist victims who lose money to cyber criminals. “There should be dedicated cyber security laws as India is already on the way to a cashless economy,” he said.
