Banking Trojans Targeting Hundreds of Financial Apps


639 financial applications targeted.
121 apps are based in the U.S.
Designed to carry out on-device fraud.


Introduction:
10 of the most prolific mobile banking trojans have set their eyes on 639 financial applications that are available on the Google Play Store and have been cumulatively downloaded over 1.01 billion times. Some of the most targeted apps include Walmart-backed PhonePe, Binance, Cash App, Garanti BBVA Mobile, La Banque Postale, Ma Banque, Caf - Mon Compte, Postepay, and BBVA México. These apps alone account for more than 260 million downloads from the official app marketplace.


Details:
Of the 639 apps tracked, 121 are based in the U.S., followed by the U.K. (55), Italy (43), Turkey (34), Australia (33), France (31), Spain (29), and Portugal (27). TeaBot is targeting 410 of the 639 applications tracked, according to a new analysis of Android threats during the first half of 2022. Octo targets 324 of the 639 applications tracked and is the only one targeting popular, non-financial applications for credential theft.


Currently:
Aside from TeaBot (Anatsa) and Octo (Exobot), other prominent banking trojans include BianLian, Coper, EventBot, FluBot (Cabassous), Medusa, SharkBot, and Xenomorph. FluBot is also considered to be an aggressive variant of Cabassous, not to mention notorious for hitching its distribution wagon to serve Medusa, another mobile banking trojan that can gain near-complete control over a user's device. Last week, Europol announced the dismantling of infrastructure behind FluBot.


Additional Security Info:
These malicious remote access tools, while hiding behind the cloak of benign-looking apps, are designed to target mobile financial applications in an attempt to carry out on-device fraud and siphon funds directly from the victim's accounts. In addition, the rogue apps are equipped with the ability to evade detection by often hiding their icons from the home screen and are known to log keystrokes, capture clipboard data, and abuse accessibility services permissions to pursue their objectives such as credential theft. This involves the use of overlay attacks, pointing a victim to a fake banking login page that's displayed atop legitimate financial apps and can be used to steal the credentials entered.
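For defenders triaging apps, the accessibility-service and overlay pairing described above can be checked in an app's decoded manifest. The following is an added example, not code from the original article: the package names, sample manifests and allow-list parameter are constructed, and it assumes the manifest has already been decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"

def triage_manifest(xml_text, a11y_allowlist=frozenset()):
    """Flag the accessibility + overlay pairing in a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    package = root.get("package")
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    # A service guarded by BIND_ACCESSIBILITY_SERVICE is one the user can
    # be asked to enable as an accessibility service.
    a11y = [s.get(ANDROID + "name") for s in root.iter("service")
            if s.get(ANDROID + "permission") == A11Y_BIND]
    findings = []
    if a11y:
        findings.append("accessibility_service")
    if OVERLAY in requested:
        findings.append("overlay_permission")
    # Heuristic assumed for this example: both traits together, in a package
    # that is not on the (hypothetical) allow-list, go to manual review.
    # Legitimate apps also use these features, so this is triage, not a verdict.
    review = len(findings) == 2 and package not in a11y_allowlist
    return {"package": package, "findings": findings, "review": review}

# Constructed sample manifests (not taken from any real app).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".SyncService"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage_manifest(sample))
```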


Closing:
Consequences of such attacks can range from data theft and financial fraud to regulatory fines and loss of customer trust. In the past decade, the financial industry moved completely to mobile for its banking and payments services and stock trading. While this transition brings increased convenience and new options to consumers, it also introduces novel fraud risks.

Reference link for the full story:
10 Most Prolific Banking Trojans Targeting Hundreds of Financial Apps with Over a Billion Users Again

This information is brought to you by Vectech Solutions, The Gold Standard in Cybersecurity
