Security firm Cyble reports that a newly detected malware is expanding its reach to banking, financial, and crypto applications, targeting approximately 180 devices. Its primary method is not to directly compromise systems, but rather to overlay fake pages onto the application after the user opens it, tricking them into entering sensitive data such as PIN codes and login information.
Fake pages steal account information
The key to this type of attack lies in the "fake interface." The page that the user sees closely resembles the original application, but it is actually controlled by malicious code. Cyble believes that attackers use this to collect authentication information and further attempt to control the victim's account.
Based on the disclosed information, the affected entities cover banking, payment, financial services, and crypto-related applications. This means the attack surface is not limited to a single industry, but rather revolves around mobile entry points that directly access funds.
Attacks targeted banks and crypto applications
Cyble noted that the malware displays a fake screen on the victim's device, tricking the user into entering credentials such as a PIN. Once this information is obtained, attackers can bypass normal verification processes and take over the account.
Crypto users are particularly vulnerable to these types of attacks, because once some transactions and transfers are completed, they are often more difficult to recover than in traditional financial scenarios. If both banking and crypto applications are installed on the same device, the risk exposure also increases.
- The attack targeted approximately 180 applications.
- Covering banking, finance and crypto categories
- The main purpose is to steal PIN codes and take over accounts.
Mobile payment gateways become a key target
This incident once again demonstrates that mobile devices have become a significant attack surface for financial services. Compared to simply stealing passwords, overlaying fake pages more easily exploits users' trust in familiar interfaces.
For platforms and users, the risks extend beyond account login, encompassing payment confirmation, CAPTCHA input, and in-app authentication. As attackers target both banks and crypto applications simultaneously, the associated security challenges are increasing.












