The Covid-19 pandemic has changed many things. For example, businesses, including the way we do banking, buy and pay for groceries and other goods. Mobile banking and m-commerce are booming worldwide, stimulating tap-to-pay, real-time money transfers, and 'express shop', making contactless transactions a new thing that has come to stay. But it's not only about business; we all have had to adjust. Unfortunately, cybercriminals too!

Looking closely at one specific country, 2020 was remarkable: people registered 103 billion financial transactions made by 220 million mobile devices, with 51% of all money nationwide going through smartphones. A new payment system registered 92 million active users, connecting 169 million bank accounts, allowing 441 million real-time money transferring transactions in a short period of four months. This incredible flow of 'mobile-money' turned into a golden opportunity for cybercrime.

In this presentation, we'll show how crooks use this window of opportunity to infect many smartphones, successfully porting into mobile platforms an old but now revived threat: RATs. As a 'ghost hand', these threats allow crooks to carry out a total remote intrusion on infected devices, opening installed financial apps, carrying out silent transactions. Fingerprinting, facial recognition authentication, and many other security measures are useless against them. All in sight of your eyes.

Ghimob, TwMobo, and BRata are here to stay and ready to expand worldwide, stealing your 'mobile money'. Is the security industry prepared to stop them?

Got a question about this presentation? To get in touch with the speakers, contact Fabio Assolini on Twitter at @Assolini.