Top 10 Android banking trojans target apps with 1 billion downloads

The ten most prolific Android mobile banking trojans target 639 financial applications that collectively have over one billion downloads on the Google Play Store.

Mobile banking trojans hide behind seemingly benign apps like productivity tools and games and commonly sneak into the Google Play Store, Android’s official app store.

Once they infect a device, they overlay login pages on top of legitimate banking and finance apps to steal account credentials, monitor notifications to snatch OTPs, and even carry out on-device financial fraud by abusing Accessibility services to perform actions as the user.

According to a report by Zimperium that gives an overview of the Android ecosystem in the first quarter of 2021, each of these trojans has assumed a unique spot in the market by how many organizations they target as well as functionality that differentiate them from the rest.

This finding is very worrying, as according to 2021 surveys, three out of four respondents in the U.S. use banking apps to perform their daily banking activities, providing a massive pool of targets for these trojans.

The most targeted

Unites States tops the list of the most targeted countries having 121 targeted apps. The United Kingdom follows with 55 apps, Italy with 43, Turkey with 34, Australia counts 33, and France has 31.

The trojan that targets the most applications is Teabot, covering 410 out of 639 of those tracked, while Exobot also targets a sizable pool of 324 applications.

The targeted application with the most downloads is PhonePe, which is very popular in India, having 100 million downloads from the Play Store.

Binance, the popular cryptocurrency exchange app, counts 50M downloads. Cash App, a US and UK-covering mobile payment service, also has 50 million installations via the Play Store. Both of these are also targeted by several banking trojans, even if they don’t offer conventional banking services.

The most widely targeted application is BBVA, a global online banking portal with tens of millions of downloads. This app is targeted by seven out of the ten most active banking trojans.

Most prolific trojans

The most prolific banking trojans in the first quarter of this year, according to Zimperium, are the following.

As it becomes clear from the above, each of the ten most prolific banking trojans maintains its own relatively narrow targeting scope, so the ecosystem is balanced and the operatives can pick the tool that matches their target audience.

To protect from all these threats, keep your device up to date, only install apps from the Google Play Store, check user reviews, visit the developer’s site, and keep the number of installed apps on your device at a minimum.

Exit mobile version