10 of the most prolific mobile banking trojans have set their eyes on 639 financial applications that are available on the Google Play Store and have been cumulatively downloaded over 1.01 billion times.
Some of the most targeted apps include Walmart-backed PhonePe, Binance, Cash App, Garanti BBVA Mobile, La Banque Postale, Ma Banque, Caf – Mon Compte, Postepay, and BBVA México. These apps alone account for more than 260 million downloads from the official app marketplace.
Of the 639 apps tracked, 121 are based in the U.S., followed by the U.K. (55), Italy (43), Turkey (34), Australia (33), France (31), Spain (29), and Portugal (27).
“TeaBot is targeting 410 of the 639 applications tracked,” mobile security company Zimperium said in a new analysis of Android threats during the first half of 2022. “Octo targets 324 of the 639 applications tracked and is the only one targeting popular, non-financial applications for credential theft.”
Aside from TeaBot (Anatsa) and Octo (Exobot), other prominent banking trojans include BianLian, Coper, EventBot, FluBot (Cabassous), Medusa, SharkBot, and Xenomorph.
FluBot is also considered to be an aggressive variant of Cabassous, not to mention hitching its distribution wagon to serve Medusa, another mobile banking trojan that can gain near-complete control over a user’s device. Last week, Europol announced the dismantling of infrastructure behind FluBot.
These malicious remote access tools, while hiding behind the cloak of benign-looking apps, are designed to target mobile financial applications in an attempt to carry out on-device fraud and siphon funds directly from the victim’s accounts.
In addition, the rogue apps are equipped with the ability to evade detection by often hiding their icons from the home screen and are known to log keystrokes, capture clipboard data, and abuse accessibility services permissions to pursue their objectives such as credential theft.
This involves the use of overlay attacks, pointing a victim to a fake banking login page that’s displayed atop legitimate financial apps and can be used to steal the credentials entered.
Consequences of such attacks can range from data theft and financial fraud to regulatory fines and loss of customer trust.
“In the past decade, the financial industry moved completely to mobile for its banking and payments service and stock trading,” the researchers said. “While this transition brings increased convenience and new options to consumers, it also introduces novel fraud risks.”