Intelligent CISO Issue 68 | Page 49

FEATURE
Alarm bells rang across Singapore’s investment community last November when five US-based investors lost more than US$10 million in a cryptocurrency scam that involved spoofed domains of the former Singapore International Monetary Exchange (Simex).
In addition, the Singapore-based crypto firm BitKeep lost more than US$8 million to a hack in December 2022.
Fake or spoofed apps are among several threats to users of investment apps. A recent study found that 77% of financial apps have at least one vulnerability that could lead to a data breach, and that 88% of apps fail cryptographic tests, making them a target for data-hungry hackers.
Plugging these gaps is in everyone’s best interests, especially given Singapore’s goal of becoming a global cryptocurrency hub.
Singaporean consumers also expect app makers to protect them from hacking, fraud and malware, according to a recent Consumer Expectations of Mobile App Security survey.
The old proverb ‘forewarned is forearmed’ has therefore never been more relevant: makers of banking and FinTech apps will not stand a fighting chance unless they protect their customers against the following threats and attacks:
1. Fake apps
Scams like the Simex case are sadly not uncommon. In one case, an app masquerading as an Asian trading company lured social media and dating-site users into downloading it, opening the door for cybercriminals to wreak havoc.
Fake apps are published through ‘Super Signature’ processes that bypass the security protections and review mechanisms of the official app stores. Mobile piracy prevention measures help ensure that your Android and iOS apps cannot be copied or turned into Trojan apps after publication to a public app store. Validating that apps signed for the Apple App Store and Google Play cannot be redistributed through other stores is another must, as is verifying the integrity of the app bundle and all its contents at runtime. This protects your brand against the negative publicity and user backlash that follow when fake versions and mods of your app end up on customers’ phones.
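As an added example (not code from the article or from any vendor it mentions), the Android self-check below does the two runtime verifications the paragraph calls for: it pins the SHA-256 of the release signing certificate, which a re-signed or ‘Super Signature’ copy cannot reproduce, and it checks that the Play Store initiated the install. It assumes Android 9 (API 28) or later, a placeholder certificate hash that you replace with your own, and the Play Store’s installer package name `com.android.vending`.

```java
import android.content.Context;
import android.content.pm.InstallSourceInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Build;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

/** Runtime self-check against repackaged or side-loaded copies of the app (Android 9+). */
public final class AppIntegrity {

    // Placeholder (hypothetical value): replace with the SHA-256 of YOUR release signing
    // certificate, e.g. from `keytool -printcert -jarfile app-release.apk`. A repackaged
    // build cannot reproduce this certificate without the release private key.
    private static final String EXPECTED_CERT_SHA256 =
            "0000000000000000000000000000000000000000000000000000000000000000";

    // Installer package of the Google Play Store.
    private static final String PLAY_STORE_PACKAGE = "com.android.vending";

    private AppIntegrity() {}

    /** True only if every signer of the running APK matches the pinned release certificate. */
    public static boolean signedWithReleaseCertificate(Context ctx) {
        try {
            PackageInfo pi = ctx.getPackageManager().getPackageInfo(
                    ctx.getPackageName(), PackageManager.GET_SIGNING_CERTIFICATES);
            // The APK signature (v2+) covers every byte of the bundle, so a modified
            // resource, library or class invalidates it unless the mod is re-signed.
            Signature[] signers = pi.signingInfo.getApkContentsSigners();
            if (signers == null || signers.length == 0) return false;
            for (Signature s : signers) {
                if (!EXPECTED_CERT_SHA256.equalsIgnoreCase(sha256Hex(s.toByteArray()))) {
                    return false;  // unknown certificate: a re-signed mod or 'Super Signature' copy
                }
            }
            return true;
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            return false;  // fail closed
        }
    }

    /** True if the Play Store initiated the install (Android 11+; unknown on older releases). */
    public static boolean installedFromPlayStore(Context ctx) {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.R) {
            return true;  // install source API unavailable: cannot tell, so do not block
        }
        try {
            InstallSourceInfo info =
                    ctx.getPackageManager().getInstallSourceInfo(ctx.getPackageName());
            return PLAY_STORE_PACKAGE.equals(info.getInitiatingPackageName());
        } catch (PackageManager.NameNotFoundException e) {
            return false;
        }
    }

    private static String sha256Hex(byte[] data) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) sb.append(String.format(Locale.ROOT, "%02x", b));
        return sb.toString();
    }
}
```

Call both checks at start-up and before any high-value action, and treat a failure as a reason to refuse service and alert the user. Bear in mind the caveat: this code runs inside the very APK the attacker repackaged, so a determined attacker can patch the check out; treat it as one signal and pair it with server-side attestation (Play Integrity on Android, App Attest on iOS) whose verdict is validated on your backend, not on the device.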
2. Overlay attacks
Mobile banking Trojans such as Sharkbot and Xenomorph use overlay attacks, in which a fake screen or window controlled by the attacker is drawn on top of the legitimate application to trick users into entering confidential information. A practical defence is a no-code mobile fraud prevention solution that lets developers, publishers, studios and financial institutions stop fraud at the source by building pre-emptive and defensive protections into the mobile app in minutes. A Singaporean retiree recently lost over US$71,000 to a likely overlay attack on a mobile banking app.
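The following is an added Android example, not code from the article or from any product it describes, showing two in-app countermeasures for the overlay class of attack: a button for sensitive actions that drops touches delivered while another window covers it, and a check for enabled accessibility services outside an allowlist, since Sharkbot- and Xenomorph-style trojans rely on an accessibility service to spot the foreground banking app and place their overlay. It assumes the AndroidX AppCompat library and Android 9 (API 28) or later; the allowlist is a constructed example.

```java
import android.accessibilityservice.AccessibilityServiceInfo;
import android.content.Context;
import android.os.Build;
import android.util.AttributeSet;
import android.view.MotionEvent;
import android.view.accessibility.AccessibilityManager;
import androidx.appcompat.widget.AppCompatButton;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/** Button for sensitive actions (confirm transfer, reveal seed) that refuses touches delivered through another window. */
public class OverlaySafeButton extends AppCompatButton {

    /** Constructed example allowlist: Google's own TalkBack / Android Accessibility Suite. */
    public static final Set<String> DEFAULT_ALLOWLIST = new HashSet<>(Arrays.asList(
            "com.google.android.marvin.talkback"));

    public OverlaySafeButton(Context ctx, AttributeSet attrs) {
        super(ctx, attrs);
        // Framework-level filter: drop touches when a non-system window fully covers this view.
        setFilterTouchesWhenObscured(true);
    }

    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        int flags = event.getFlags();
        boolean fullyObscured = (flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
        // Partial cover (e.g. a fake field drawn over just this button) is only reported on Android 10+.
        boolean partlyObscured = Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q
                && (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;
        if (fullyObscured || partlyObscured) {
            return false;  // swallow the touch; the caller may also log or alert here
        }
        return super.onFilterTouchEventForSecurity(event);
    }

    /**
     * Packages of enabled accessibility services that are not on the allowlist.
     * An unexpected entry is a strong warning signal, not proof of infection, because
     * legitimate assistive tools also register accessibility services.
     */
    public static List<String> unexpectedAccessibilityServices(Context ctx, Set<String> allowlist) {
        AccessibilityManager am =
                (AccessibilityManager) ctx.getSystemService(Context.ACCESSIBILITY_SERVICE);
        List<String> suspicious = new ArrayList<>();
        if (am == null) return suspicious;
        for (AccessibilityServiceInfo info :
                am.getEnabledAccessibilityServiceList(AccessibilityServiceInfo.FEEDBACK_ALL_MASK)) {
            String pkg = info.getResolveInfo().serviceInfo.packageName;
            if (!allowlist.contains(pkg)) suspicious.add(pkg);
        }
        return suspicious;
    }
}
```

The touch filter stops the tapjacking variant, where an overlay passes touches through to the real button underneath. A credential-harvesting fake screen of the kind the paragraph describes never forwards touches to the bank app at all, so for that variant the accessibility-service check and a clear in-app warning to the user are what the app itself can still do; the rest has to come from the platform and from behavioural monitoring on the server side.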
3. Stealing private crypto keys by compromising the operating system
Private keys are everything in crypto and decentralised finance: they authorise transactions and prove ownership of a blockchain asset. If a private key is tampered with or stolen, the digital assets it controls are lost.
Singapore’s investors are not immune to this threat: the number of crypto scams reported to the police has jumped fivefold since 2019, with 631 reports made in 2021.
The risk has grown as private keys have moved from custodial wallets, where a service holds them, to non-custodial wallets, where users are responsible for securing their own private keys.
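As an added example (not code from the article), here is how a non-custodial wallet app on Android can keep its key material out of reach of malware that has compromised the operating system: the wallet seed is encrypted with an AES key generated inside the device’s secure hardware (StrongBox secure element, falling back to the TEE), that key is non-exportable and can only be used shortly after the user authenticates, and the app can verify where the key actually lives before trusting it. Android Keystore does not support the secp256k1 curve used by Bitcoin and Ethereum, so the blockchain key itself is wrapped rather than held in the Keystore. It assumes Android 9 (API 28) or later; the key alias is hypothetical.

```java
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import android.security.keystore.StrongBoxUnavailableException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;

/**
 * Wraps a non-custodial wallet's seed with an AES-256-GCM key that never leaves the
 * device's secure hardware. The seed is decrypted only for the moment a transaction is
 * signed, and every use of the key requires the user to have authenticated recently.
 */
public final class SeedVault {
    private static final String KEYSTORE = "AndroidKeyStore";
    private static final String ALIAS = "wallet-seed-wrapper";  // hypothetical alias
    private static final int GCM_IV_BYTES = 12;
    private static final int GCM_TAG_BITS = 128;
    private static final int AUTH_WINDOW_SECONDS = 30;

    private SeedVault() {}

    /** Creates the wrapping key once, preferring StrongBox and falling back to the TEE. */
    public static void ensureKey() throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(KEYSTORE);
        ks.load(null);
        if (ks.containsAlias(ALIAS)) return;
        try {
            generate(true);
        } catch (StrongBoxUnavailableException noSecureElement) {
            generate(false);
        }
    }

    private static void generate(boolean strongBox) throws GeneralSecurityException {
        KeyGenParameterSpec.Builder b = new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setKeySize(256)
                // Malware on a rooted device cannot invoke the key silently: each use needs
                // a recent biometric or device-credential unlock, and the key bytes are never
                // exportable, even to a process running as root.
                .setUserAuthenticationRequired(true)
                .setInvalidatedByBiometricEnrollment(true)
                .setIsStrongBoxBacked(strongBox);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
            b.setUserAuthenticationParameters(AUTH_WINDOW_SECONDS,
                    KeyProperties.AUTH_BIOMETRIC_STRONG | KeyProperties.AUTH_DEVICE_CREDENTIAL);
        } else {
            b.setUserAuthenticationValidityDurationSeconds(AUTH_WINDOW_SECONDS);
        }
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEYSTORE);
        kg.init(b.build());
        kg.generateKey();
    }

    /** Encrypts the seed; returns IV || ciphertext. Keystore chooses a fresh random IV. */
    public static byte[] wrap(byte[] seed) throws GeneralSecurityException, IOException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, loadKey());  // throws UserNotAuthenticatedException if not unlocked
        byte[] iv = c.getIV();
        byte[] ct = c.doFinal(seed);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    /** Decrypts IV || ciphertext; GCM rejects any tampered blob before returning plaintext. */
    public static byte[] unwrap(byte[] blob) throws GeneralSecurityException, IOException {
        byte[] iv = Arrays.copyOfRange(blob, 0, GCM_IV_BYTES);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, loadKey(), new GCMParameterSpec(GCM_TAG_BITS, iv));
        return c.doFinal(blob, GCM_IV_BYTES, blob.length - GCM_IV_BYTES);
    }

    /** True if the key lives in the TEE or StrongBox rather than in a software keystore. */
    public static boolean keyIsHardwareBacked() throws GeneralSecurityException, IOException {
        SecretKey key = loadKey();
        SecretKeyFactory f = SecretKeyFactory.getInstance(key.getAlgorithm(), KEYSTORE);
        KeyInfo info = (KeyInfo) f.getKeySpec(key, KeyInfo.class);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            int level = info.getSecurityLevel();
            return level == KeyProperties.SECURITY_LEVEL_TRUSTED_ENVIRONMENT
                    || level == KeyProperties.SECURITY_LEVEL_STRONGBOX;
        }
        return info.isInsideSecureHardware();
    }

    private static SecretKey loadKey() throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(KEYSTORE);
        ks.load(null);
        return (SecretKey) ks.getKey(ALIAS, null);
    }
}
```

Call `ensureKey()` at first run and `keyIsHardwareBacked()` before storing any seed; if it returns false the device has only a software keystore, and the app should warn the user rather than pretend the seed is protected. The decrypted seed should live in memory only for the duration of the signing call and be zeroed afterwards, since a root-level attacker who cannot read the Keystore can still read the app’s heap while the seed is in the clear.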
When fraudsters compromise a device, a private key is often the first thing they look for. The threat is heightened on rooted or jailbroken devices, where software
www.intelligentciso.com