How to avoid the mobile banking malware disguised as a WhatsApp update

Keep your phone and your bank account safe by following our advice

App updates tend to be a happy affair, with a promise of better features. But one particular WhatsApp update, initiated not by the developers but malicious hackers, could lose you untold amounts of money.

The Association of Banks in Singapore (ABS) told Channelnewsasia that around 50 smartphone users were victims of this malware attack in the last three months. This malicious attempt by hackers targets mobile banking customers, intercepting SMS messages and thus one-time passwords sent by banks to these numbers for online purchases.

The fake WhatsApp update, meant to prey on users’ fear of losing access to the popular messaging service, isn’t the only method employed by hackers. It can also be disguised as an operating system update, specifically for the battery management module and playing on the promise of more uptime for your Android smartphone.

In both cases, the modus operandi involves asking users to download an update. The deed is done once the download is initiated, but not before the malware requires you to enter your credit card information. That act will seal your fate, since the malware now has access to both your credit card details and is able to intercept the OTP messages sent to your smartphone.

These methods, however, can be easily identified if you’re cautious with what you are tapping or be aware of what information is being asked. Don’t add to the statistic of affected users, follow these tips to stay safe from these malicious attempts

  • Always initiate your updates through the official app store or when prompted by the phone as a system update.
  • Pop-up windows are never good news. Close them immediately.
  • Sound the alarm if the app update is asking for specific details such as your credit card. No app developer will ever ask for that.