Fortifying the edge: Cyber resilience for mobile finance

By Jake Moore

The rise of mobile banking has transformed the way businesses and customers interact, offering increased convenience and efficiency. However, this shift has also opened new doors for cybercriminals, particularly on the Android platform, which dominates the global smartphone market. According to the ESET Threat Report H2 2024, financial threats targeting banking apps and cryptocurrency wallets on Android grew by 20% compared to the previous period.

Fortunately, large financial institutions, such as banks, are equipped with significant resources, enabling them to invest in and implement comprehensive cybersecurity measures to protect their systems and customers. However, smaller banks, wealth management firms or insurance agencies are often more vulnerable to cyberattacks. Why is this the case? While adopting secure technology practices and promoting cyber awareness among their teams is essential for them and their customers, many businesses struggle to implement such measures, leaving them exposed to potential threats.

Why Target Small Businesses’ Finances?

Small businesses, often limited in resources and expertise, are increasingly vulnerable to sophisticated financial cyberattacks. Businesses, such as accounting and payroll services, that manage client payments or process sensitive transactions are particularly at risk, as a single breach can erode customer trust and have long-lasting financial repercussions.

Understanding the emerging threats and implementing proactive measures to protect both customers and business operations has become more critical than ever, particularly in light of recent discoveries made by ESET Research.

It also reveals an alarming trend around Android-targeted financial threats. Attackers are leveraging Progressive Web Apps (PWAs) and Web Android Package Kits (WebAPKs) to create malicious applications that can bypass traditional app store vetting processes and security warnings.

The mechanics of these attacks are sophisticated yet deceptively simple. Victims are typically lured in through phishing campaigns that exploit various communication channels, including SMS, automated calls, and social media advertisements. In all cases, victims are prompted to click on a malicious link.

By clicking on the provided link, users are redirected to phishing websites that closely mimic official banking app sites, offering downloads for PWA and WebAPKs. PWAs are essentially websites bundled into what feels like a standalone application, using native system prompts. They serve as shortcuts to websites, providing almost app-level interaction to users. The same is true for WebAPKs, but they are packaged as APKs (native apps) for deeper integration with the Android system. In essence, WebAPKs are upgraded versions of PWAS.

Once installed, these apps function as fake banking interfaces, obtaining sensitive data through phishing or other means, which is then transmitted to attackers. Notably, installing such an app does not warn the victim about “installing unknown apps,” unlike with regular third-party APKs, making the deception even more challenging for regular users to recognise. On Android, these phishing WebAPKs even appear to have been installed from the Google Play Store.

A Multi-Layered Approach to Threat Protection

For businesses such as banks that offer legitimate versions of commonly targeted applications, the misuse of their digital property can have serious consequences. These range from reputational damage and financial losses, particularly if users lose trust and abandon the service, to potential legal liabilities.

To counter such threats, organisations must adopt a comprehensive, multi-layered cybersecurity strategy. One of the foundational steps is implementing multi-factor authentication (MFA), which significantly lowers the risk of unauthorised access. MFA relies on a combination of factors: something the user knows (such as a password), something they have (like a smartphone or security token), and something they are (such as biometric identifiers like fingerprints or facial recognition).

Another effective measure is the use of dynamic data encryption keys, which are uniquely generated for each transaction and updated frequently, making it more difficult for attackers to exploit stolen credentials. Regular security audits also play a crucial role, helping to identify and address vulnerabilities before malicious actors can exploit them.

Adopting strict coding standards and conducting regular code reviews ensures that new updates to applications do not inadvertently introduce security flaws. In parallel, businesses must invest in regular cybersecurity awareness training to keep employees informed about evolving threats and the best practices to mitigate them.

Artificial Intelligence offers an additional layer of defence by identifying anomalies such as unusual login attempts, atypical transactions, or sudden changes in user account behaviour. Similarly, cloud security solutions—thanks to automatic updates and scalability—can enhance protection while reducing dependency on physical infrastructure.

Educational initiatives such as gamified digital security programmes are also gaining traction. These programmes engage both employees and customers, reinforcing password hygiene and increasing awareness of social engineering techniques. Employees trained to recognise phishing attempts and malware can serve as a critical first line of defence.

Moreover, blockchain technology is emerging as a secure alternative for maintaining encrypted, immutable transaction records, providing an additional layer of protection against data breaches.

For all these actions, simplicity is the key. Security measures, such as biometric authentication or password managers, should be intuitive and easy to use to promote long-term adoption and consistent use by employees and end users alike.

Steps to Protect Customers and Build Trust

At a time when convenience often comes with hidden risks, small businesses have an opportunity to differentiate themselves by demonstrating a commitment to security. This not only protects their operations but also builds customer loyalty in a competitive marketplace.

Educating customers is a vital step. Businesses can empower customers by highlighting their security efforts, like two-factor authentication and secure transactions. By making security an integral part of their brand identity and providing supportive resources, SMBs can create a safe and confident experience for their customers.

Strengthening internal security measures is equally important. Small businesses should consider implementing mobile threat detection solutions capable of identifying and neutralising malicious PWAs and WebAPKs. They should also collaborate with financial partners, sharing intelligence on emerging threats and developing coordinated incident response plans to address attacks quickly and effectively.

Cyberattacks may continue to grow in sophistication, but with the right tools and strategies, businesses can stay one step ahead. By staying informed about emerging threats, investing in robust security measures, and fostering collaboration with industry partners, small businesses can ensure their customers’ safety.

The author is a Global Cybersecurity Advisor at ESET.