Abstract
Android is presently the world’s most prevalent operating system, reaching more mobile customers than any other operating system to date and providing numerous services via smartphones and various Android devices to make our lives easier. Most Android applications are developed by third-party developers, for whom Android provides an enormous platform on which to build their applications. Modern cyber attackers are highly interested in this platform as a way to access users’ sensitive information, either with malicious applications they build themselves or by taking advantage of other Android developers’ applications to spy on user activity. We have found that keyloggers can steal personal information from users, such as credit card information or login PINs/passwords, from the keystrokes they type in social networking and mobile banking apps. In mobile banking, mobile devices such as smartphones and tablets are generally used for financial communication with banks or financial institutions, allowing clients and users to conduct a variety of transactions. In the Android app store (Google Play), keylogger apps are initially blocked, but by using some vulnerabilities in app permissions they can be installed with benign and trusted apps. Both expert and inexperienced Android smartphone users use mobile banking applications; inexperienced users are unable to find the vulnerabilities, and attackers use this to their advantage to mount an attack. The security that Android provides for all applications is not sufficient for sensitive applications such as mobile banking applications. In this paper, we discuss how attackers steal mobile banking app users’ sensitive information for financial gain, and we propose a method to avoid keylogger attacks on Android mobile banking apps.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Rahaman, N., Rubel, S., Marouf, A.A. (2022). Keylogger Threat to the Android Mobile Banking Applications. In: Smys, S., Bestak, R., Palanisamy, R., Kotuliak, I. (eds) Computer Networks and Inventive Communication Technologies. Lecture Notes on Data Engineering and Communications Technologies, vol 75. Springer, Singapore. https://doi.org/10.1007/978-981-16-3728-5_12
DOI: https://doi.org/10.1007/978-981-16-3728-5_12
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-3727-8
Online ISBN: 978-981-16-3728-5
eBook Packages: Engineering, Engineering (R0)