Security firm McAfee has warned consumers that bank scams through mobile can happen when handing over bank details on their mobile phones.

The company says it has discovered a new Android application that tricks people into disclosing personal information when they log into on-line banking services using their mobile.


According to McAfee Labs malware researcher Carlos Castillo, the application, known as “Token Generator”, targets the websites of several well known financial institutions.

When installed, the malware uses the logo and colours of the customer’s bank in its icon to make it appear more credible. When the user enters their log-in details and password into the fake web page, the application sends these to a control server along with the user’s mobile phone number. This information can then be used to access the customer’s bank account to commit fraud.

Castillo said that the emergence of this Token Generator demonstrates the speed at which the Android platform is being targeted. “Android malware that targets financial entities is in constant evolution”, Castillo said.

“We are now seeing more sophisticated, remote-controlled banking Trojan applications that can retrieve a set of different authentications codes”.

Source: mobile news. “McAfee warns of bank scams through mobile“. Issue 512. April 2012.