Promon reveals 77% of payment apps are susceptible to screen reader malware

Promon, the Norwegian app security firm that provides cybersecurity solutions for some of the world’s largest banks, companies, and applications has analysed 73 of the world’s most-used payment apps. To assess their security level and understand how they tackle a common malware-style screen reader attack.

Using a basic screen reader tool – which exfiltrates data in the same way that common, real-world malware would – Promon found that:

• The screen reader could read and exfiltrate the username and password from 56 of the 73 apps (76.7%)
• They were able to log the username, but not the password of Six apps (8.2%)
• Only three apps (4.1%) showed clear defense against the screen reader’s attempts to read the data and allowed neither the username nor password to be logged
• 8 apps (10.9%) featured no login page from which to exfiltrate data

“This is beyond concerning to say the least,” says Benjamin Adolphi, Head of Security Research at Promon. “This is an extremely basic tool that is used regularly alongside common social engineering attacks. Malware that can successfully gain access to a device’s screen and its contents in this way can steal sensitive information, such as passwords and credit card numbers, but also intercept 2FA codes and give the hackers access to other accounts. In more serious cases, bad actors could even take control of the device and bypass other integral security measures. You would like to think that the developers of these apps would be taking the security of their products seriously, but apparently protecting users’ highly sensitive information is but a mere afterthought for the vast majority.”

The full report can be accessed here.