Google disclosed at the Virus Bulletin conference in Prague on Thursday how Android‘s internal security task force checked rising mobile banking fraud in Russia, according to Quartz. Several Russian smartphone users were attacked by Trojan, a type of mobile banking malware, in the first quarter of the year.

Google Security Team Helped Russia Defeat Banking Fraud

Russia a soft target for mobile banking Trojans

Russia has been the target of 86% of mobile banking Trojans, according to a report from Kaspersky labs. The company formed a task force in January that countered an attack, says Google’s Sebastian Porst. Russia is regularly at the top of the list of countries with the most PHAs (potentially harmful apps). The likelihood of Russian users having a PHA installed on their phones compared to those in the U.S. is ten times higher on a relative scale. Less than 0.4% of phones are detected to have PHAs in the U.S.

The hackers used human engineering to persuade Russian users to ignore the warnings given by Verify Apps and install malware from external websites. These Trojans include phishing malware that keeps a watch on banking apps and the Google Play app to hack users’ financial information. The hackers make unauthorized transactions after getting the account numbers and passwords by intercepting text message authorization codes sent to the infected device from the financial institution.

How Google prevented the fraud

For measuring mobile safety and security, Google uses the PHAs detected on the phones running its Android software. The search giant runs automated and manual analysis on how the apps were written, for whom they were written, from where they were submitted to the app stores, and how they behave to identify PHAs.

Verify Apps, Google’s Android security system, scans apps at installation, and if the apps are detected to be PHAs, it recommends that users not install them. Verify Apps also periodically scans all the apps on the phone, reports the detected PHAs to the user and Google, and recommends that the user remove the PHAs it found.

Concluding his talk, Porst detailed how the new M version of the Android operating system has been hardened against threats of this type.