AppSec Solutions: Two-Thirds of Banking Applications in Russia are Vulnerable

More than 30% of vulnerabilities are of high and critical level, which could lead to data leaks

Vulnerabilities have been detected in two-thirds of the applications of Russian financial institutions, and approximately 30% of those vulnerabilities could lead to data leaks. There are, however, applications with no vulnerabilities at all; these are usually products built by large banks. This was reported by AppSec Solutions.

In February, the head of the Central Bank of Russia, Elvira Nabiullina, announced that by the end of the first quarter of 2025, all financial institutions in the country must solve the problem of theft of funds from accounts due to insufficient security of their applications.

According to her, the applications of some banks are reliably protected from viruses that allow theft from accounts, but other financial organizations do not have such protection. In March, Nabiullina emphasized that a banking application should be as reliable as a safe in a bank vault and provide protection against unauthorized access.

According to a study conducted in 2024, two-thirds of banking applications in Russian app stores contain vulnerabilities. More than a third of them have a high or critical level of danger, which can lead to data leaks. The study examined 95 financial applications.

In total, experts found 1,583 vulnerabilities, of which 569 (more than a third) were rated critical or high. Last year, about 4,500 vulnerabilities were found in bank applications, but only 183 of them were really dangerous. One of the most common vulnerabilities in fintech applications is storing secrets for accessing third-party services in plain text.

Common mistakes include storing confidential data in the application's private files and leaving confidential data that was discovered during the assessment inside the application itself. In addition, there is a risk that text entered by the user may end up in the application's files.
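The finding cited above, secrets for third-party services stored in plain text in app-side files, can be checked for with a simple audit script. The script below is an added example written for this article, not code from AppSec Solutions or from the study; the file names, key names and values it scans are constructed samples, and the key-name heuristics are an assumption about what such secrets are typically called.

```python
"""Added audit check (not from the AppSec Solutions study): flag secrets stored
in plain text in an app's data files.  All sample files below are constructed."""
import re

# Key names that commonly hold credentials for third-party services (assumed list).
SECRET_KEY = re.compile(r"(api[_-]?key|secret|token|passw(or)?d|auth)", re.I)
# Three storage syntaxes found in mobile app data directories:
#   Android shared_prefs XML, .properties / .env style key=value, and JSON.
PATTERNS = [
    re.compile(r'<string name="(?P<k>[^"]+)">(?P<v>[^<]+)</string>'),
    re.compile(r'^\s*(?P<k>[\w.-]+)\s*[=:]\s*(?P<v>[^\s#]+)\s*$', re.M),
    re.compile(r'"(?P<k>[^"]+)"\s*:\s*"(?P<v>[^"]+)"'),
]
# Values that are templates or dummies rather than real credentials.
PLACEHOLDER = re.compile(r"^(\$\{.*\}|<.*>|null|none|changeme|)$", re.I)


def mask(value: str) -> str:
    """Show only a short prefix so the report does not itself leak the secret."""
    return value[:4] + "..." if len(value) > 4 else "****"


def find_plaintext_secrets(files: dict[str, str]) -> list[tuple[str, str, str]]:
    """Return (path, key, masked_value) for every secret-looking entry."""
    hits = []
    for path, text in files.items():
        for pat in PATTERNS:
            for m in pat.finditer(text):
                key, value = m.group("k"), m.group("v").strip()
                if SECRET_KEY.search(key) and not PLACEHOLDER.match(value) and len(value) >= 8:
                    hits.append((path, key, mask(value)))
    return hits


SAMPLE_FILES = {  # constructed samples, not taken from any real application
    "shared_prefs/payments.xml": (
        '<?xml version="1.0" encoding="utf-8"?>\n<map>\n'
        '    <string name="sms_gateway_api_key">sk_live_0123456789abcdef</string>\n'
        '    <string name="theme">dark</string>\n</map>\n'
    ),
    "assets/config.properties": "scoring.url=https://example.invalid/score\n"
                                "scoring.secret=${SCORING_SECRET}\n"
                                "push.token=AAAA1234BBBB5678\n",
    "files/draft.json": '{"note_text": "transfer to mom", "amount": "1500"}',
}

if __name__ == "__main__":
    for path, key, shown in find_plaintext_secrets(SAMPLE_FILES):
        print(f"{path}: {key} = {shown}")
```

The check matches on key names, so the externalised `${SCORING_SECRET}` reference is correctly ignored while the live-looking API key and push token are reported; user-entered text persisted to files (the `draft.json` sample) needs a separate review because its keys carry no credential-like name.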

It is noteworthy that no vulnerabilities were found in the applications of leading banks.

Fraudsters have developed a new way to steal data from bank cards using the malicious software NFCGate. They create a fake copy of the card, which allows them to make purchases at terminals that support NFC technology.
