Android financial threats: What businesses need to know to protect themselves and their customers

The rise of mobile banking has changed how businesses and customers interact. It brought about increased convenience and efficiency, but has also opened new doors for cybercriminals, particularly on the Android platform, which dominates the global smartphone market. According to ESET research, Android financial threats, targeting banking apps and cryptocurrency wallets, grew by 20% in H2 of 2024 compared to the first half of the year.

Fortunately, large financial institutions like banks have significant resources, enabling them to invest in and implement comprehensive cybersecurity measures to protect their systems and customers. However, smaller banks, wealth management firms or insurance agencies are often more vulnerable to cyberattacks. That’s because, while adopting secure technology practices and promoting cyber awareness among their teams is essential for them and their customers, many mid-size and small businesses struggle to implement such measures, leaving them exposed to potential threats.

Why target small businesses’ finances?

Small businesses, often limited in resources and expertise, are increasingly vulnerable to sophisticated financial cyberattacks. Businesses like accounting and payroll services that manage client payments or process sensitive transactions are particularly at risk, as a single breach can cost customer trust and have long-lasting reputational and financial repercussions.

Understanding the emerging threats and implementing proactive measures to protect both customers and business operations has become more critical than ever.

Alarming trends

Research has revealed an alarming trend around Android-targeted financial threats. Attackers are leveraging Progressive Web Apps (PWAs) and Web Android Package Kits (WebAPKs) to create malicious applications that can bypass traditional app store vetting processes and security warnings.

The mechanics of these attacks are sophisticated yet deceptively simple. Victims are typically lured in through phishing campaigns that exploit various communication channels, including SMS, automated calls, and social media advertisements. In all cases, victims are urged to click on a malicious link.

By clicking on the provided link, the users are redirected to phishing websites that closely mimic official banking app sites, offering downloads for PWA/WebAPKs. PWAs are essentially websites bundled into what feels like a standalone application, using native system prompts. They are shortcuts to websites offering almost app-level interaction to the users. The same is true for WebAPKs, but they are packaged as APKs (native apps) for deeper integration with the Android system. In essence, WebAPKs are upgraded PWAs.

Once installed, these apps function as fake banking interfaces, obtaining sensitive data by phishing or other means and transmitting it to attackers. Unlike with regular third-party APKs, victims installing a WebAPK are not warned that they are installing “unknown apps”. There have been instances of these phishing WebAPKs having been installed from the Google Play store.

A multi-layered approach to threat protection

For businesses offering legitimate versions of the above-described apps, there can be substantial ramifications for having their property abused. These range from reputational damage, through financial loss due to users potentially abandoning their bank, to legal issues.

Hence, protecting against these threats requires a comprehensive strategy. Businesses need to implement a variety of proactive measures, including:

  • Multi-factor authentication, which significantly reduces the risk of unauthorized access by requiring multiple verification methods. This approach combines something the user knows (e.g., a password), something they have (e.g., a smartphone or security token), and something they are (e.g., biometric data such as fingerprints or facial recognition).
  • Dynamic data encryption keys, which can mitigate the human risk element in cybersecurity. These data keys are uniquely generated for every transaction and change frequently, making it harder for attackers to abuse stolen credentials.
  • Regular security audits should help identify and address vulnerabilities before attackers can exploit them.
  • Adopting stringent coding standards and conducting regular code reviews to minimize the risk of security gaps in app updates.
  • Regular cybersecurity awareness training sessions, keeping staff informed about emerging cyber threats and best practices for handling them.
  • Artificial intelligence that can detect unusual logins, transactions, and changes in the user account based on previous analysis of user behavior patterns.
  • Cloud security enhancements, which leverage automatic updates and scalability to strengthen defenses while reducing reliance on physical servers.
  • Gamified digital security education, engaging both employees and customers to reinforce password hygiene and social engineering awareness. Employees who recognize signs of phishing or malware can act as the first line of defense.
  • Blockchain security applications, offering immutable and encrypted transaction records for additional protection against data breaches.

For all these actions, simplicity is key. User-friendly security measures, such as biometric authentication or password managers, should be intuitive and easy to use, encouraging businesses and their employees to adopt and maintain these practices long-term.

How to protect customers

At a time when convenience often comes with hidden risks, small businesses have an opportunity to differentiate themselves by demonstrating a commitment to security. This not only protects their operations but also builds customer loyalty in a competitive marketplace.

Educating customers is a vital step. Businesses can empower customers by highlighting their own security efforts, like two-factor authentication and secure transactions. By making security part of their brand identity and providing supportive resources, small and mid-size businesses can create a safe, confident experience for their customers.

Strengthening internal security measures is equally important though. Small businesses should consider implementing mobile threat detection solutions capable of identifying and neutralizing malicious PWAs and WebAPKs. Additional measures include collaborating with financial partners, sharing intelligence on emerging threats and developing coordinated incident response plans to address attacks quickly and effectively.
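One way to triage WebAPKs on managed devices, shown as an added example that is not part of the original article or any ESET tooling: it separates WebAPKs that open the business's own site from those that reuse its name but point elsewhere. The `org.chromium.webapk.` prefix is the package naming Chrome uses for WebAPKs; the inventory fields, domains, and brand tokens are constructed assumptions.

```python
from urllib.parse import urlsplit

WEBAPK_PREFIX = "org.chromium.webapk."   # package-name prefix Chrome assigns to WebAPKs
OFFICIAL_DOMAINS = {"examplebank.test"}   # assumption: the business's real domains
BRAND_TOKENS = {"examplebank"}            # assumption: names an impersonator would reuse

# Constructed sample inventory; package/label/start_url are hypothetical export fields.
INVENTORY = [
    {"package": "org.chromium.webapk.a1b2c3", "label": "ExampleBank",
     "start_url": "https://m.examplebank.test/login"},
    {"package": "org.chromium.webapk.d4e5f6", "label": "ExampleBank Secure",
     "start_url": "https://examplebank.test.app-update.example/login"},
    {"package": "org.chromium.webapk.0a0b0c", "label": "Weather",
     "start_url": "https://weather.example/"},
    {"package": "com.examplebank.mobile", "label": "ExampleBank", "start_url": ""},
]

def is_official(host):
    """True only for an official domain or a genuine subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def classify(record):
    """Return 'not_webapk', 'official', 'impersonation' or 'unrelated'."""
    if not record["package"].startswith(WEBAPK_PREFIX):
        return "not_webapk"
    # A missing or unparsable start URL yields an empty host, never an official one.
    host = (urlsplit(record["start_url"]).hostname or "").lower().rstrip(".")
    if is_official(host):
        return "official"
    # Brand name in the app label or in a non-official host marks a look-alike.
    haystack = (record["label"] + " " + host).lower().replace(" ", "")
    if any(token in haystack for token in BRAND_TOKENS):
        return "impersonation"
    return "unrelated"

def flagged(inventory):
    """Packages that should be escalated for review or removal."""
    return [r["package"] for r in inventory if classify(r) == "impersonation"]

if __name__ == "__main__":
    for rec in INVENTORY:
        print(rec["package"], classify(rec))
```

The second record shows why the host check compares whole domain suffixes: the official domain appears at the start of the hostname, but the registered domain belongs to someone else.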

Cyberattacks may continue to grow in sophistication, but with the right tools and strategies, businesses can stay one step ahead. By staying informed about emerging threats, investing in robust security measures, and fostering collaboration with industry partners, small businesses can ensure customer safety.
