Several malicious Android apps designed to steal mobile transaction authentication numbers (mTANs) sent by banks to their customers over SMS were found on Google Play by researchers from antivirus vendor Kaspersky Lab.
Many banks use mTANs as a security mechanism to prevent cyber criminals from transferring money from compromised online banking accounts. When a transaction is initiated, the bank sends a unique code called an mTAN via SMS to the account owner's phone number. The account owner has to input that code back into the online banking website in order for the transaction to be authorized.
You download an app to your smartphone, the app picks up your private data, banking transactions, passwords, etc. and sends them to the bad guys, and voilà, you are totally hacked, not just your phone but everything else.
We have so much stuff on our smartphones, and it is too easy to trust and install an app.
But what do we do? Should there be a body that will check the apps really, really well and offer a seal of approval? Who will that be? The app store operators (Apple, Samsung, Microsoft, Amazon, etc.) are failing to do that.
Maybe there is room for the virus protection vendors to play a bigger role on smartphones?
After all, in a BYOD environment, it takes only one employee to download a malicious app and then all his email messages, contacts and so on are shared with the 'bad guys'.
And enterprises are not going to be able to control what apps are installed by the smartphone users.