Get a demo

App shielding

Keylogger attacks on banking apps increase

By Tana Blegen March 01, 2021 11:06 am

Keylogger attacks are on the rise. This article explains how they work, and how you can protect your apps from being attacked by malicious actors.

Banking apps have long been the target of hackers. The Cost of Cyber Crime Study found the average cost of cyber attacks on financial services companies globally increased by more than 40 percent from 2014 to 2017. From $12.97 million per company in 2014 to $18.28 million in 2017.

As a result, banks have offered among the most robust array of cybersecurity defenses to protect customer data and accounts of any sector. Hackers, though, have responded in kind to deploy some of the most sophisticated malware found online. reported that during Spring 2018 the cybersecurity research group Lastline detected “an unusually large number of iSpy keylogger” variants attacking banking apps.

The security firm also registered an increase in other keylogger-tipped viruses. While software vendors offer a variety of perimeter defenses, Application Shielding offers one of the few reliable means from within financial software to protect customer data.

What is a keylogger?

One of the most insidious kinds of attacks hackers increasingly use involve “keyloggers.” Keylogger attacks record every keystroke a device user types into a mobile, laptop, or desktop computer. The server records user ids, passwords, account details, and SMS messages. Cybercriminals can then monitor user communications and even withdraw money from victims’ bank accounts.

Keylogging mobile apps

Increased malware activity

The keyloggers that Lastline detected also extract user credentials for websites that users access as well as login details for email accounts and FTP file transfers. The new breed of keyloggers also records license key information for installed products. In addition to the iSpy keylogger, cybersecurity analysts have found Microsoft Office documents delivering payloads infested with Emotet and URSNIF keyloggers. Emotet and URSNIF can also detect when antivirus software is sniffing for them and evade detection. In addition, they can provide channels for man-in-the-middle attacks on users. Man-in-the-middle attacks enable black hats to watch all traffic passing between a device and the internet.

The developers of URSNIF and Emotet created the malware in modules. One of the modules can hijack automated transfer payments, like those found for paying bills, loans, and credit cards.

App shielding defends against keyloggers

App shielding technology “hardens” apps and related data against cyber intrusions. Promon SHIELD™ protects user credentials such as usernames, passwords, and PINs from keylogging. Malware techniques are blocked and cannot spy or siphon user inputs using keylogging- screenshots or screenreader-techniques.

Promon SHIELD™ only requires a few minutes to implement. Once secured, the applications are immediately ready for distribution via public app stores.

Increased “smart” malware attacks against banking apps mean financial institutions need to consider “smarter” solutions to cyberdefense like App Shielding.