Ken Munro, a cybersecurity expert from Pen Test Partners, said that as soon as Liz had unwittingly given the app additional permissions, it had ‘got its hooks into the phone’.
Cyber expert Ken Munro from Pen Test Partners revealed the malicious app had taken over Liz’s phone without her knowledge and secretly drained her bank accounts
‘At that point, it could start to grab her banking passwords as she typed them in,’ he told Rip Off Britain.
‘And then the hackers, with that amount of access, could start moving money – slowly but surely, while she was asleep.’
Data extracted from the phone also revealed an IP address of a location in Russia, noted to be known as ‘malicious in nature’.
Pen Test Partners concluded ‘with high confidence’ that the malicious app was linked to or responsible for the fraudulent activity on the device.
‘It just blew my mind that all that was happening,’ said Liz after being presented with the findings.
‘I knew that something was going on with my phone, but wasn’t sure what. And then obviously when [the scam] happened, I couldn’t speak to anybody without crying. It was the emotional aspect of it all.’
After Rip Off Britain shared Pen Test Partners’ report with Liz’s banks, Revolut refunded her in full.
Cybersecurity expert Adenike Cosgrove told Rip Off Britain: ‘What we’re starting to see is that these cyber criminals and fraudsters – they’re not hacking in, they’re actually logging in, often with the access that we inadvertently give them.
‘It gives the criminal initial access to the device, then they’re monitoring the device, all of the other applications, all of the banking services that you’re leveraging, they’re watching for all the passwords that you type in.’