This year saw the emergence of ten new families of Android banking malware, collectively targeting 1,800 banking apps in 61 countries. Banking Trojans are malware that targets people’s bank accounts and online finances, stealing credentials and session cookies, bypassing two-factor authentication protections, and sometimes executing transactions automatically. There are people in Portugal who suffered and lost a lot of money!
The tactic is to lead the user by the hand into the trap
People are increasingly using their smartphones to make payments, transfer money, manage their savings and invest their capital. In fact, bank branch employees now suggest banking apps as the quickest way to make a financial investment. And it is precisely this “versatility and ease of use that criminals consider when building banking malware.”
The year 2023 was fertile ground for applications infected with malware. In 2023 alone, 1,800 banking apps in 61 countries were targeted and millions of users were robbed, all through the 10 Trojans discovered during the year that is now ending.
In addition, 19 malware families detected in 2021 have been modified to add new capabilities and increase their operational sophistication.
Mobile security company Zimperium analyzed all 29 (10 + 19) and reports that the emerging trends include:
- Adding an automated transfer system (ATS) that captures MFA codes, initiates transactions, and performs money transfers.
- Adding social engineering steps, such as cybercriminals posing as customer support agents and tricking victims into downloading the malware themselves.
- Adding the ability to share the live screen for direct, remote interaction with the infected device.
- Offering the malware to other cybercriminals as a subscription package. These packages can cost between 3 and 7 thousand dollars per month.
Standard features available in most of the Trojans examined include keylogging, phishing page overlays, and SMS theft.
Criminals are also active on social networks, where they spread apps laced with malware capable of defeating device security and stealing banking credentials and funds. Scams arrive via social network messages and even SMS, as we have often reported on Pplware.
New banking Trojans
The security company identified ten new banking Trojans with over 2,100 variants, which circulate on sites hosting Android applications, disguised as special utilities, productivity applications, entertainment portals, photography tools, games and educational aids.
These ten new Trojans are listed below:
- Nexus: MaaS (malware as a service) with 498 variants providing live screen sharing, targeting 39 apps in nine countries.
- Godfather: MaaS with 1,171 known variants targeting 237 banking applications in 57 countries. Supports remote screen sharing.
- Pixpirate: A Trojan with 123 known variants, equipped with an ATS module. It targets ten banking applications.
- Saderat: A Trojan with 300 variants that targets eight banking applications in 23 countries.
- Hook: MaaS with 14 known variants, with support for real-time screen sharing. It targets 468 apps in 43 countries and is rented to cybercriminals for $7,000 per month.
- PixBankBot: A Trojan with three known variants that targets four banking applications. It comes with an ATS module for on-device fraud.
- Xenomorph v3: MaaS operation with six variants capable of ATS operations, targeting 83 banking applications in 14 countries.
- Vultur: A Trojan with nine variants targeting 122 banking applications in 15 countries.
- BrasDex: A Trojan targeting eight banking applications in Brazil.
- GoatRat: A Trojan with 52 known variants, equipped with an ATS module, targeting six banking applications.
Among the malware families that were present in 2022 and updated for 2023, those that maintain notable activity are Teabot, Exobot, Mysterybot, Medusa, Cabassous, Anubis, and Coper.
Regarding the most targeted countries, the first on the list is the United States (109 targeted banking applications), followed by the United Kingdom (48 banking applications), Italy (44 applications), Australia (34), Turkey (32), France (30), Spain (29), Portugal (27), Germany (23) and Canada (17).
Stay safe
To protect yourself from these threats, avoid downloading APK files from outside Google Play, the only official Android app store, and even on this platform, read user reviews carefully and check the background of the app developer/publisher.
During installation, pay close attention to the required permissions and never grant access to Accessibility Services unless you are sure about it.
If an application requests to download an update from an external source on first launch, treat it with suspicion and avoid it completely if possible.
Finally, never tap links embedded in SMS or emails from unknown senders.
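The first two checks above (app origin and Accessibility Services) can be audited together on a device you manage. The following is an added example, not part of the original article or the Zimperium report: it parses the output of `adb shell pm list packages -i -3` and `adb shell settings get secure enabled_accessibility_services` and reports user-installed apps that hold an enabled accessibility service but did not come from Google Play. The package names and sample output are constructed, and the trusted-installer list is an assumption to adjust for your environment.

```python
# Added example: the inputs below are constructed samples of adb output, not real device data.
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; assumption: extend for a managed store

def parse_installers(pm_output):
    """Map package -> installer from `adb shell pm list packages -i -3` (third-party apps only)."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        name, _, installer = line[len("package:"):].partition("installer=")
        installers[name.strip()] = installer.strip() or "null"  # "null" means sideloaded
    return installers

def parse_accessibility(setting_value):
    """Packages named in `adb shell settings get secure enabled_accessibility_services`."""
    value = setting_value.strip()
    if value in ("", "null"):  # nothing enabled
        return []
    # Entries are colon-separated components of the form package/ServiceClass
    return [comp.split("/", 1)[0] for comp in value.split(":") if comp]

def audit(pm_output, setting_value):
    """Return (package, installer) for user-installed apps holding accessibility
    access that were not installed by a trusted store."""
    installers = parse_installers(pm_output)
    findings = []
    for pkg in parse_accessibility(setting_value):
        if pkg not in installers:  # preinstalled/system app, outside the -3 listing
            continue
        if installers[pkg] not in TRUSTED_INSTALLERS:
            findings.append((pkg, installers[pkg]))
    return findings

# Constructed sample: two sideloaded apps and one Play-installed app with accessibility enabled
PM_SAMPLE = """package:com.example.bank  installer=com.android.vending
package:com.example.pdfviewer  installer=null
package:com.example.cleaner  installer=com.google.android.packageinstaller
package:com.example.reader  installer=com.android.vending"""
A11Y_SAMPLE = ("com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
               ":com.example.pdfviewer/.core.A11yService"
               ":com.example.cleaner/.BoostService"
               ":com.example.reader/.ReadAloudService")

if __name__ == "__main__":
    for pkg, installer in audit(PM_SAMPLE, A11Y_SAMPLE):
        print(f"REVIEW: {pkg} has accessibility access, installer={installer}")
```

A finding is a prompt for review, not proof of infection: legitimate sideloaded accessibility tools will also appear.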