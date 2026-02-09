According to BusinessTech, the rise of this scam underlines the increasing risks tied to mobile banking as criminals adopt more sophisticated techniques to exploit everyday smartphone use.

These attacks are becoming more effective because many people are unfamiliar with how they work and only realise something is wrong once money has already been moved or accounts compromised.

South Africans are being warned about a fast-growing form of digital fraud targeting people through their smartphones, particularly those with banking apps installed. The threat centres on malicious software that allows criminals to take control of a device and carry out transactions while the owner is still using it.

What are RAT attacks?

RAT stands for Remote Access Trojan, a type of malicious software that allows criminals to remotely control a person’s phone or computer. Once installed, it enables fraudsters to see and interact with activity on the device in real time.

This level of access means scammers can operate banking apps directly from a victim’s phone. Transactions may appear legitimate because they are being carried out on the customer’s own device rather than from an external source.

Bonolo Sebolai, Head of Fraud at TymeBank, described these scams as among the most advanced currently affecting South African consumers. He noted that RAT scams are particularly dangerous because they are designed to run alongside normal device use without obvious signs of a takeover.

How do criminals gain access to a phone?

In many cases, attacks begin with a phone call or message claiming to come from a trusted organisation. This could be a bank’s fraud department, a mobile network provider, a courier company, an online retailer or a government entity.

Victims are typically told there is an urgent issue with their account, device or a delivery. They are then instructed to click a link or install an app, often sent via WhatsApp or SMS, which is presented as a solution to the problem.

Once installed, the malicious software gives the scammer visibility of everything happening on the screen. This can include PINs and passwords as they are entered, one-time passwords sent by banks and live banking transactions.

Why are these scams difficult to detect?

Since fraudsters are using the victim’s own device, activity may appear legitimate to financial institutions. Sebolai explained that criminals do not necessarily steal login credentials in these cases. Instead, they take control of the device itself and operate from there.

This makes it difficult to distinguish between genuine user activity and fraudulent actions, as transactions are executed from the same phone normally used by the customer.

Scammers often rely on urgency and authority to push victims into acting quickly. Warnings that an account is about to be blocked or a service cannot proceed without immediate action are common tactics.

What warning signs should people watch for?

Pressure to act quickly is a major red flag. Requests to install software to resolve an issue, instructions to remain on a call while logging into banking apps or being told to approve transactions to reverse supposed fraud are also warning signs.

A key principle remains that banks will never ask customers to install remote access software or share PINs and one-time passwords.

How are banks responding to the threat?

With digital fraud on the rise, banks are strengthening security measures beyond traditional password checks. Sebolai said modern banking protection increasingly involves monitoring behaviour in real time to detect suspicious activity.

At TymeBank, this includes real-time fraud detection, behavioural monitoring to identify signs of remote device control and risk-based security measures that adapt depending on the situation.