South Korean banks have been hit by criminals using fake banking apps to steal user details, and thousands of apps are potentially vulnerable, which is a threat that has been flagged recently by the UK financial regulator, among others.

South Korean banks have been hit by criminals using fake banking apps to steal user details, and thousands of apps are potentially vulnerable, which is a threat that has been flagged recently by the UK financial regulator, among others.

The Korean banking issue has been flagged by FireEye, a network security firm, which recently identified a malicious mobile application that installs a fake banking application capable of stealing user credentials.

FireEye, when questioned by this publication about the issue, said it is in contact with local authorities in Korea but did not elaborate on the matter. 

The app has been deemed to target Hana, IBK, KB Kookmin, NH, Woori, and Shinhan; all of which are Korean-headquartered banks. The top-level app acts as a fraudulent Google Play application, falsely assuring the user that it’s legitimate, FireEye said in a statement yesterday.

While only Korean banks were mentioned in the report, the threat of such security breaches will be of concern to the global banking sector, including the wealth management arena, as firms have embraced apps as a way to harness the trend of mobile technology. The issue is particularly acute at a time of general concern about threats to cyber security and online communications generally. The Financial Conduct Authority, the UK regulator, has warned about this issue. In 2010, Citigroup advised US-based users of its free iPhone banking app to upgrade to a newer version that addressed coding-based security flaws.

According to FireEye’s report, once installed, an app can present itself as a Google Play app and ask the user for permission to activate itself as a device administrator, which gives the app ultimate control over the device.

After installation, the app checks whether any of the six targeted banking apps have been installed. If it finds one, it deletes the legitimate banking app and silently replaces it with a fake version. Once that occurs, the fraudulent app will prompt the user to enter their banking account credentials, allowing the thief to then use this information to withdraw money from the user’s account, FireEye said.

FireEye has identified more than 2,000 apps on Google Play that are vulnerable to infection, with over 100,000 downloads each. This makes the total download count for these potentially harmful apps greater than 2.56 billion.