This article first appeared in Digital Edge, The Edge Malaysia Weekly on February 24, 2025 - March 2, 2025

Cyberthreats have evolved significantly, expanding beyond phishing scams to more sophisticated exploits that target users through fraudulent apps, malware-laden links and remote access manipulation.

The rapid adoption of artificial intelligence (AI) in recent years has further heightened these risks, says Sarene Lee, country manager for Malaysia at cybersecurity firm Palo Alto Networks. Cybercriminals are leveraging generative AI to craft increasingly convincing and highly targeted scams, making it easier to trick users into downloading malware-infected applications.

The consumer banking industry has become one of the most vulnerable targets as more customers rely on mobile banking for daily transactions. To meet growing demand, banks have introduced a wider range of digital products and services through their online portals and mobile apps.

However, the increased digital footprint has also expanded the attack surface, providing scammers with more entry points to exploit security gaps and steal sensitive financial information.

To counter this issue, Bank Negara Malaysia in August last year mandated the introduction of malware-shielding features for all mobile banking apps in Malaysia as a means to strengthen the country’s financial infrastructure against the rise of cyberthreats and online scams.

Malware shielding promises an essential layer of security to detect and neutralise such threats before they compromise sensitive banking data.

This technology is embedded directly in the bank’s mobile app to detect and mitigate high-risk malware, including malicious APKs (application files) and suspicious remote monitoring access on customers’ devices. Android users, in particular, are susceptible to these threats due to the openness of the platform.

What this means is that if the app detects malware in the device, it can restrict the device’s access to banking features and prevent unauthorised transactions.

Several banks, including Malayan Banking Bhd (Maybank), Alliance Bank, AmBank, Bank Simpanan Nasional, CIMB Bank and HSBC Bank, have already implemented malware-shielding in their apps.

Lee says financial institutions have introduced more than 200 new internet-facing services each month, further expanding the attack surface for cybercriminals.

According to Palo Alto Networks’ Incident Response Report 2024, malware was a factor in 56% of investigated cyber incidents. Lee says introducing more proactive security measures is no longer a bonus but an imperative in mobile banking.

She adds that criminals are more likely to target industries either for financial gains or access to sensitive data. Manufacturing, professional services, media and academia have become prime targets for cybercriminals, but the banking sector continues to be the most vulnerable.

“[By the very nature of the] industry compared to others, when going after money or data, they can get both from the banks. It’s easy — attack one target and get both,” says Lee.

To counteract these threats, banks need to start leveraging AI-driven defences to counter scammers’ use of AI, she adds. Countries such as the US, the UK and Singapore have already incorporated AI-driven cybersecurity strategies, setting an example for Malaysia to follow.

Malware shielding is a good step forward, but Lee notes that it focuses mainly on the front end, whereas cybercrimes can come from the back end as well, and banks need to look into practices for their own protection.

“Malware doesn’t discriminate. It doesn’t really care whether you have money. So, there have to be some best practices in place and we can learn from other countries like those in Europe and even Singapore because protection has to be there,” she says.

Malware shielding itself is one of these best practices adopted by developed countries. Others that Malaysia’s banking industry has already adopted include replacing the SMS one-time password authentication with in-app authentication, enhancing fraud detection rules and enforcing cooling-off periods for new account registrations.

Lee notes that, in these times when scams and cybercrimes are on the rise, online banking best practices are essential to reduce scam-­related financial losses, which in turn increases customer confidence in digital banking.

While the introduction of malware shielding is crucial, implementing it presents its fair share of challenges. One is balancing security with user experience, ensuring that security measures do not create excessive friction for users, especially senior citizens or people unfamiliar with digital banking.

“Security is really a balance between convenience and protection. An analogy I like is that security is like a lock on the door. Do you want to use a very cheap lock [that is quick to open] or a very nice lock, which is harder to open?” says Lee.

Another challenge that banks must be prepared for is user adoption. Because of how integral security is to banking apps, when new security measures are introduced, it is common for banks to abandon their old apps in favour of new ones that are built from the ground up to follow these new security measures.

This can cause friction though, as users may be reluctant or slow to install another app and transfer their accounts to the new one. But keeping support for the old app only opens another entry point for bad actors to exploit.

Lee says banks must encou­rage customers through regular public engagements and awareness campaigns to drive adoption and to update their applications regularly so that security features such as malware shielding can be effective. She adds that financial institutions must ensure seamless integration of malware shielding into their existing banking apps without compromising on performance or usability.

Malaysia is not the first to mandate malware shielding, and its implementation is seen as a huge step forward in keeping the country’s security standards in line with global best practices.

As cybercriminals continue to refine their tactics, Lee stresses that collaboration between financial institutions, government agencies and cybersecurity stakeholders is needed to keep up with the rapidly evolving cybercrime landscape.

Save by subscribing to us for your print and/or digital copy.

P/S: The Edge is also available on Apple's App Store and Android's Google Play.