Fraud via rogue apps exploded by 300 percent in just a few months

Phishing rates stayed mostly constant from one quarter to the next, according to a new RSA report.
mobile device management

Digital scammers are stealing victims’ personal information in new ways, preferring rogue mobile applications and account takeover attacks after a generation of using phishing as their primary hacking technique.

Fraud attacks from rogue mobile applications increased by more than 300 percent, up to 41,313 incidents in the first quarter of this year from 10,390 events in the fourth quarter of last year. The figure represents 50 percent of the attacks detected in a fraud report released Wednesday by RSA, with phishing attacks making up 29 percent, trojan horses at 12 percent and brand abuse at 9 percent. Phishing attacks increased by less than 1 percent from one quarter to the next.

That jump in rogue apps coincides with an uptick in research from other security companies reporting malware that steals victims’ information by appearing as legitimate programs. VidMate, an Android app that allowed users to download videos from services like YouTube and WhatsApp, actually defrauded people by secretly subscribing them to paid services, BuzzFeed reported. Others, like Flappy Birr Dog and Flappy Bird, stole data from more than 100,000 people before their discovery by TrendMicro in January.

“The popularity of apps serves as an incentive for cybercriminals to continue developing campaigns that utilize them to steal information or perform other kinds of attacks,” researchers said earlier this year.


The number of fraudulent transactions where a card was not present (CNP) jumped by 17 percent in the last quarter, with most of those occurring via mobile. The average value of a fraudulent CNP transaction in North America was $403, compared the average $213 value of a genuine transaction, according to RSA. Last year marked the first time financial institutions uncovered more instances of CNP fraud than when a card was physically involved, Verizon previously found.

“The average value of a fraudulent transaction will likely always be higher than that of a genuine transaction, since fraudsters regularly use stolen credit cards to make quick, high-value purchases because these goods are easy to resell for a profit,” the RSA report said.

Hackers also are utilizing websites known as account checker studios, in RSA’s parlance, to verify whether they can use stolen username and passwords to access information from the same victim on other websites. Sites like Sentry MBA and SNIPR are the traditional repositories where thieves can test their credentials for popular services like Netflix, Spotify, or video games like Fortnite, but they’re also known among fraud investigators.

By developing smaller, unique sites that can facilitate credential stuffing attacks on specialized niche pages, as RSA has discovered, scammers can avoid detection while also remaining competitive with anti-fraud measures.

“If in the past a fraudster committed e-commerce fraud by using a compromised credit card and the ‘guest checkout’ option, today many use account takeover fraud of existing customer accounts in order to reduce the risk of being flagged for fraud,” the report found. “Also, many of the accounts are used as infrastructure for further defrauding individuals and organizations. For example, compromised accounts for dating sites are used for romance scams, while compromised accounts of registrars and hosting companies are used to set up phishing websites.”


More specific account checker studios can help more hackers automate their attacks, RSA predicted, leading to more breaches like the kinds that have haunted Dunkin’ Donuts, HSBC bank and others.

Latest Podcasts