Iko pko bp windows phone

Innovate and grow through risk

We implemented several methodologies to effectively coordinate work in this unusually large group, most prominently the SCRUM system. All developers worked under one roof to assure a smooth and coherent experience on all platforms and a well constructed backend. We felt a great responsibility to the thousands of people who will use the app and expect their money to be safe.

Polidea will continue the relationship with PKO Bank Polski to create further innovative products basing on the experience gained from the IKO project and to keep revolutionising the Polish mobile banking.

PKO Bank Polski upgrades mobile app

Albert brings together PCI certification and a custom-made and hardened version of Android Lollipop system. EFL is a pioneer in psychometric and alternative credit scoring. Project scope Backend. In each case, the malware pretended to be a benign, useful application.

Aplikacja mobilna IKO

The primary function of the trojan is the theft of credentials to online banking systems. Samples that we have analyzed do not target banking applications in languages other than Polish. So far we have not observed any code obfuscation in this variant of BankBot.


  1. Basic information.
  2. download ios 5 beta 7 download.
  3. ebay samsung galaxy s6 edge 64gb.

The trojan uses Firebase , which is a platform that allows developers to create applications using a cloud service. It allows to use multiple services, including databases, without the need to host a backend server.


  1. Available on.
  2. awesome apps for ipod touch free.
  3. PKO Bank Polski launches mobile payment service - Payments Cards & Mobile.
  4. PKO BP's application IKO has 370,000 users.
  5. why does my touch screen not work when charging iphone 5.

Firebase is not suitable for storing credentials because, with a link to the database, it would be possible for third parties to read and write any data. First, the malware generates a Firebase ID token, which is used to identify users. Then, it obtains a list of installed applications and compares it with the list of names of attacked banking applications.

PKO Bank Polski launches mobile payment service - Mobile Payments World

The corresponding decompiled code is presented below:. If any of these applications is installed, a WebView object is created. Such objects are used to embed web pages in an application. In this case, the trojan embeds a phishing page corresponding to that bank.

If a user submits login details, they are not stored on the server-side immediately, as happens in the case of an ordinary phishing webpage.

2013 – 2014

To withdraw money from the bank, the botmaster still needs to obtain an authorization code that is sent via SMS. The code that is responsible for this malicious activity is a part of a class that extends BroadcastReceiver, presented below:.

Polish Bank Debuts Mobile Payments Service (March 14, 2013)

The malware can also display fake login windows after receiving a message from Firebase Cloud Messaging, which contains the name of the application that will be impersonated.