Cyber criminals are riding on mobile phones to hack into consumer bank accounts.
Cyberthieves use malware to steal banking credentials from unsuspecting consumers when they log on to their bank accounts via their mobile phones, according to regulators and cybersecurity specialists.
It is now the go to way of attacking the financial-services industry.
Central Bank of Kenya (CBK) data show that half of the Sh1.59 billion that was stolen from banks by hackers was through mobile banking.
Cyberthieves stole Sh810.68 million last from Sh182.41 million a year earlier—a jump of 344 percent.
The malware typically gets onto a phone when a user clicks on a text message from an unknown source or taps an advertisement on a website. Once installed, it often lies dormant until the user opens a banking app.
The malware then creates a customised overlay on the authentic banking app. This allows criminals to follow a user’s movements on the phone and eventually grab credentials to the account.
This type of mobile-phone malware is gaining ground as more consumers use banking apps and financial firms roll out a wider array of mobile services.
“Cyber risks have increased due to the digitalisation of payments and transfer of money from person to person,” CBK notes.
Cyber heists
While the total number of cyber threats in Kenya reached 3.52 billion last year, 105.9 million of those incidents were classified as malware attacks while 115.6 million were botnet and DDoS attacks.
The malware attacks increased to 105.8 million last year from 85.8 million in 2023.
Hackers stole a record Sh1.59 billion from Kenyan banks last year in an attack that highlights the risk of cyber heists in the wake of heavy investment in tech and mobile banking.
The disclosure shows that the theft of customer deposits has grown fourfold from Sh412 million in 2023 due to fraudulent wire-transfer requests.
CBK data showed card fraud cost customers Sh263.29 million, being 16.9 times the Sh15.59 million lost in the prior year.
Computer fraud, which includes as hacking into systems to steal data, saw bank customers lose Sh203.39 million, a 2.7 times jump from the preceding year, while fraud through identity theft grew six times to Sh199.08 million.
The review period saw online banking fraud rise to Sh111.83 million from Sh106.2 million, while internet scams cost lenders Sh6.07 million up from Sh797,7000 in the prior year.
