These Sinister Android Trojans Target Financial Apps With Over 1 Billion Downloads

Earlier this week, we covered a report that claimed mobile device trojans are on the rise. Trojans are a specific kind of malware that infects victims’ devices by pretending to be legitimate and trustworthy applications. Unfortunately, trojans sometimes manage to sneak their way into the Google Play Store and infect victims’ Android devices before they are flagged and removed.

Cybersecurity researchers have discovered a number of different trojans in the wild that target various Android apps, and some of the most commonly targeted apps are financial apps. Financial apps can be reliably lucrative targets. Market research shows that 76% of Americans use banking apps for everyday financial tasks, meaning trojans that infect victims’ phones have the opportunity to compromise banking apps more often than not.

Trojans often leverage Android accessibility services to carry out malicious activity, such as stealing two-factor authentication (2FA) codes sent over SMS or keylogging to steal account credentials typed out by the victim. However, when it comes to targeting financial apps, some trojans take a page out of the phishing playbook and steal login credentials by overlaying false login screens over the legitimate login screens of financial apps.
A report by Zimperium, a mobile security firm, details how widespread the targeting of financial apps by trojans has become. The researchers analyzed ten different trojans that are currently active in the wild, and found that together they target 639 financial Android apps. These mobile banking, investment, payment, and cryptocurrency apps have between them a total of just over 1 billion downloads from the Google Play Store. PhonePe, Binance, and Cash App, in that order, are the most downloaded apps targeted by the trojans analyzed in the report.

The trojans found in the report and the most popular apps they target are as follows:

  • BianLian: Binance, Garanti BBVA Mobile, Ziraat Mobile, Akbank Mobile Banking, QNB Finansbank, Halkbank Mobil, İşCep – Mobile Banking, VakıfBank Mobil Bankacılık, and Yapı Kredi Mobile
  • Cabassous: Barclays Mobile App, Commonwealth Bank, Halifax Mobile Banking, Lloyds Bank Mobile, Santander Mobile Banking, NatWest Mobile Banking, ANZ Australia, St. George Mobile Banking, and Westpac Mobile Banking
  • Cooper: BBVA Spain Online Banking, CaixaBankNow Mobile Banking, Commonwealth Bank, Santander Mobile Banking, ANZ Australia Mobile Banking, St. George Mobile Banking, ING Australia Banking, TSB Mobile Banking, and NAB Mobile Banking
  • EventBot: Barclays Mobile Banking, Intesa Sanpaolo Mobile, BancoPosta Mobile Banking, Banca MPS Mobile Banking, RelaxBanking Mobile, Barclaycard Mobile, Bank Mobile Banking, Mediolanum Mobile Banking, and WiZink, tu banco senZillo
  • ExobotCompact.D/Octo: PayPal, Binance, Cash App Mobile, Barclays Mobile Banking, BBVA Spain Online Banking, CaixaBankNow Mobile, Garanti BBVA Mobile, Ziraat Mobile, and QNB Finansbank
  • FluBot: BBVA Spain Online Banking, CaixaBankNow Mobile, BBVA México Mobile, Santander Mobile Banking, Banco Sabadell App, Grupo Cajamar, Ibercaja Mobile Banking, ING España. Banca Móvil, and BBVA Net Cash ES & PT
  • Medusa: BBVA Spain Online Banking, CaixaBankNow Mobile, Garanti BBVA Mobile, Ziraat Mobile, Akbank Online Banking, QNB Finansbank, Halkbank Mobil, İşCep – Mobile Banking, and VakıfBank Mobil Bankacılık
  • Sharkbot: Binance, BBVA Spain Online Banking, Coinbase, and EVO Banco móvil
  • TeaBot: PhonePe, Binance, Barclays Mobile, Postepay Mobile Banking, Crypto.com, Blockchain.com, Bank of America Mobile Banking, Capital One Mobile, and Coinbase
  • Xenomorph: BBVA Spain Online Banking, KBC Mobile, Belfius Mobile, Easy Banking App, ING Banking App, Imagin Banking App, Caixadirecta Mobile Banking, MB WAY Mobile, and Grupo Cajamar
You can read Zimperium’s report to find a full list of all 639 financial apps targeted by these ten trojans.
