Banking Trojan: Top 10 Target Apps With 1 Billion Downloads

The top ten mobile banking trojans for Android target 639 financial apps, which together add up to more than 1 billion downloads from Google’s Play Store repository, according to the Zimperium report.

These threats often camouflage themselves as seemingly benign applications, such as productivity tools, and sneak into the official Google store. Once a device is infected, the malware draws fake login pages over the screens of legitimate banking and finance apps to steal account credentials, reads one-time password (OTP) text messages and notifications to defeat two-factor authentication, and abuses Android's accessibility services to perform actions on the device as if it were the user, carrying out fraud directly from the victim's phone.

Because of the number of institutions they target and the functionality that sets them apart from the rest, these trojans occupy a niche of their own in the malware market, according to the Zimperium report.

The finding is worrying given that 79% of Brazilians use banking apps for financial transactions, according to a nationwide 2021 Ipsos/TecBan survey. In other countries, such as the United States, the share is also high: three out of four respondents use apps for their banking.

Image: Zimperium

The USA tops the list of most targeted countries, with 121 targeted applications. It is followed by the UK with 55 applications, Italy with 43, Turkey with 34, Australia with 33 and France with 31.

Among the trojans, TeaBot leads: of the 639 tracked applications, 410 are on its target list. Exobot ranks second, targeting 324 applications.

Among the targeted applications with the most downloads, the report singles out PhonePe, very popular in India, with 100 million downloads on the Play Store. Two financial apps are tied for second with 50 million installations each: Binance, a cryptocurrency exchange app, and Cash App, a mobile payment service operating in the United States and United Kingdom. Although neither offers traditional banking services, both are targeted by banking trojans.


The single most targeted application, on the target list of seven of the ten most active banking trojans, was the mobile banking app of BBVA, a global bank, which has tens of millions of downloads.

In the report, Zimperium lists the most active banking trojans of the first quarter of 2022:

  • BianLian – Targets Binance, BBVA and a range of Turkish applications. A new version discovered in April introduces a bypass for photoTAN, which is considered a strong authentication method in online banking.
  • Cabassous – Targets Barclays, CommBank, Halifax, Lloyds and Santander applications. It uses a domain generation algorithm (DGA) to evade detection and takedowns of its command-and-control (C2) infrastructure.
  • Coper – Targets BBVA, CaixaBank, CommBank and Santander applications. It actively monitors the device's battery-optimisation whitelist and modifies it to exempt itself from background restrictions, so it keeps running.
  • EventBot – Targets Barclays, Intesa, BancoPosta and several other Italian applications. It disguises itself as Microsoft Word or Adobe Flash and can download new malware modules from remote servers.
  • Exobot – Targets PayPal, Binance, Cash App, Barclays, BBVA and CaixaBank, as well as Itaú Unibanco. It is very small and lightweight because it relies on shared system libraries and fetches overlay pages from its C2 server only when needed.
  • FluBot – Targets BBVA, Caixa, Santander and several other Spanish applications. The trojan became notorious for spreading rapidly via SMS, using the contact lists of compromised devices.
  • Jellyfish – Targets BBVA, CaixaBank, Ziraat and a range of Turkish banking applications. It can perform fraud on the device itself, abusing the accessibility service to act as a normal user on behalf of the victim.
  • SharkBot – Targets Binance, BBVA and Coinbase. It has a rich set of detection-evasion and anti-removal features, as well as strong encryption of its C2 communication.
  • TeaBot – Targets PhonePe, Binance, Barclays, Crypto.com, Postepay, Bank of America, Capital One, Citi Mobile and Coinbase, as well as OKX. It carries a dedicated keylogger for each targeted application and loads it when the user opens that app.
  • Xenomorph – Targets BBVA and various EU-based banking apps. It can also act as a dropper, fetching additional malware onto the compromised device.

The profile of each malware family shows that each of the ten threats keeps its own target scope, which lets operators choose the tool that fits the audience they are after.
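The capabilities described above and in the list (drawing over other apps, reading OTP messages or notifications, abusing the accessibility service, and exempting itself from battery optimisation) all have to be declared in an Android app's manifest, which is why analysts triage manifests for that combination. The following is an added example, not Zimperium's tooling and not derived from any of the named families: it parses a manifest with the standard library and flags the overlay + OTP access + accessibility pattern. The permission names are the real Android ones; the capability weights and both sample manifests are constructed for this illustration.

```python
"""Static triage of an Android manifest for the permission mix banking
trojans rely on. Added example; the weights and sample manifests are
assumptions constructed for the demonstration, not real apps."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Real Android permission names. The weights are an assumption of this example.
USES_PERMISSIONS = {
    "overlay": ("android.permission.SYSTEM_ALERT_WINDOW", 2),          # draw over other apps
    "sms": ("android.permission.RECEIVE_SMS", 2),                      # intercept OTP SMS
    "sms_read": ("android.permission.READ_SMS", 1),
    "battery_exempt": ("android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS", 1),
    "install_packages": ("android.permission.REQUEST_INSTALL_PACKAGES", 2),  # dropper behaviour
}
# These are declared as android:permission on a <service>, not as <uses-permission>.
SERVICE_PERMISSIONS = {
    "accessibility": ("android.permission.BIND_ACCESSIBILITY_SERVICE", 3),
    "notification_listener": ("android.permission.BIND_NOTIFICATION_LISTENER_SERVICE", 2),
}


def triage_manifest(xml_text: str) -> dict:
    """Return the risky capabilities an app declares and whether the
    overlay + OTP-access + accessibility 'banker' pattern is present."""
    root = ET.fromstring(xml_text)
    name_attr = f"{{{ANDROID_NS}}}name"
    perm_attr = f"{{{ANDROID_NS}}}permission"
    requested = {e.get(name_attr) for e in root.iter("uses-permission")}
    service_perms = {e.get(perm_attr) for e in root.iter("service")}

    hits, score = [], 0
    for cap, (perm, weight) in USES_PERMISSIONS.items():
        if perm in requested:
            hits.append(cap)
            score += weight
    for cap, (perm, weight) in SERVICE_PERMISSIONS.items():
        if perm in service_perms:
            hits.append(cap)
            score += weight

    # The combination that enables overlay credential theft, OTP capture and on-device fraud.
    otp_access = "sms" in hits or "notification_listener" in hits
    banker_pattern = "overlay" in hits and otp_access and "accessibility" in hits
    return {
        "package": root.get("package", "?"),
        "capabilities": sorted(hits),
        "score": score,
        "banker_pattern": banker_pattern,
    }


# Constructed sample: a "productivity tool" declaring the full trojan capability set.
SAMPLE_TROJAN_MANIFEST = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="com.example.pdfreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="PDF Reader">
    <service android:name=".A11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".Notif"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

# Constructed sample: a benign app that only needs network access.
SAMPLE_BENIGN_MANIFEST = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>"""

if __name__ == "__main__":
    for manifest in (SAMPLE_TROJAN_MANIFEST, SAMPLE_BENIGN_MANIFEST):
        print(triage_manifest(manifest))
```

The constructed "PDF reader" scores 10 and matches the banker pattern; the notes app scores 0. In practice the manifest comes from `aapt dump xmltree` or `apktool` output, and a match is a reason to inspect the APK, not proof of malice: screen readers and SMS apps legitimately declare some of these permissions, which is why the check reports the combination rather than any single permission.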


To protect yourself, the basic advice still applies:

  • Keep your device and its apps up to date;
  • Only install apps from official stores, and remember that even there, trojans posing as utilities do slip through;
  • Check the developer's website to confirm the app is genuinely theirs;
  • Keep the number of applications installed on the device to a minimum;
  • Read the store and forum reviews and comments about the app before installing;
  • Be suspicious of any app that asks to draw over other apps, read your SMS or notifications, or enable an accessibility service, since these are exactly the permissions the trojans above abuse to steal credentials and OTPs.

Via BleepingComputer
