South Africans are being warned about a fast-growing form of digital fraud targeting people through their smartphones, particularly those with banking apps installed. The threat centres on malicious software that allows criminals to take control of a device and carry out transactions while the owner is still using it.
These attacks are becoming more effective because many people are unfamiliar with how they work and only realise something is wrong once money has already been moved or accounts compromised.
According to BusinessTech, the rise of this scam underlines the increasing risks tied to mobile banking as criminals adopt more sophisticated techniques to exploit everyday smartphone use.
What are RAT attacks?
RAT stands for Remote Access Trojan, a type of malicious software that allows criminals to remotely control a person’s phone or computer. Once installed, it enables fraudsters to see and interact with activity on the device in real time.
This level of access means scammers can operate banking apps directly from a victim’s phone. Transactions may appear legitimate because they are being carried out on the customer’s own device rather than from an external source.
Bonolo Sebolai, Head of Fraud at TymeBank, described these scams as among the most advanced currently affecting South African consumers. He noted that RAT scams are particularly dangerous because they are designed to run alongside normal device use without obvious signs of a takeover.
How do criminals gain access to a phone?
In many cases, attacks begin with a phone call or message claiming to come from a trusted organisation. This could be a bank’s fraud department, a mobile network provider, a courier company, an online retailer or a government entity.
Victims are typically told there is an urgent issue with their account, device or a delivery. They are then instructed to click a link or install an app, often sent via WhatsApp or SMS, which is presented as a solution to the problem.
Once installed, the malicious software gives the scammer visibility of everything happening on the screen. This can include PINs and passwords as they are entered, one-time passwords sent by banks and live banking transactions.
Why are these scams difficult to detect?
Since fraudsters are using the victim’s own device, activity may appear legitimate to financial institutions. Sebolai explained that criminals do not necessarily steal login credentials in these cases. Instead, they take control of the device itself and operate from there.
This makes it difficult to distinguish between genuine user activity and fraudulent actions, as transactions are executed from the same phone normally used by the customer.
Scammers often rely on urgency and authority to push victims into acting quickly. Warnings that an account is about to be blocked or a service cannot proceed without immediate action are common tactics.
What warning signs should people watch for?
Pressure to act quickly is a major red flag. Requests to install software to resolve an issue, instructions to remain on a call while logging into banking apps or being told to approve transactions to reverse supposed fraud are also warning signs.
A key principle remains that banks will never ask customers to install remote access software or share PINs and one-time passwords.
How are banks responding to the threat?
With digital fraud on the rise, banks are strengthening security measures beyond traditional password checks. Sebolai said modern banking protection increasingly involves monitoring behaviour in real time to detect suspicious activity.
At TymeBank, this includes real-time fraud detection, behavioural monitoring to identify signs of remote device control and risk-based security measures that adapt depending on the situation.
What precautions are being advised?
Consumers are encouraged to download apps only from official app stores and to be cautious of unexpected messages or calls requesting urgent action. If something appears suspicious, individuals are advised to end the interaction and contact their bank directly.
Acting quickly is also important if a device is suspected to be compromised, as early intervention may limit financial losses.
How widespread is digital banking fraud?
The warning comes amid growing concern over the scale of digital fraud in South Africa. The National Financial Ombud Scheme reported a sharp increase in complaints related to digital banking over the past year.
Cases rose by 73%, climbing from 1,436 recorded between January and May 2024 to 2,483 during the same period the following year.
What role do virtual cards play in these risks?
The National Financial Ombud Scheme has also highlighted risks associated with virtual banking cards. In one reported case, a victim lost R500,000 after criminals gained access to their digital banking profile.
Nerosha Maseti, Lead Ombud for Banking and Credit at the NFO, said virtual cards offer convenience but are not immune to fraud. She explained that they are usually compromised only after criminals gain unauthorised access to a customer’s banking app through phishing, smishing or vishing
Once inside the digital banking profile, fraudsters can create virtual cards and use the credentials to carry out transactions, particularly if customers have shared one-time passwords or approved authentication prompts.
link