Ten new families of banking malware have appeared on Android this year, which together target 985 banking and fintech applications of financial institutions in 61 countries.

Banking Trojans are malware that target people's online bank accounts and money by trying to steal login credentials and session cookies, bypass two-factor authentication protections, and sometimes even perform transactions automatically. In addition to the ten new ones launched in 2023, another 19 from 2022 were modified to grow new capabilities and increase their operational sophistication.

The mobile security company Zimperium analyzed all 29 and reported that new trends include:

  • Addition of an automated transfer system (ATS) that captures MFA tokens, initiates transactions, and transfers funds.
  • Social engineering steps in which cybercriminals, for example, impersonate customer support workers and direct victims to download the Trojans.
  • A live screen sharing option for direct remote interaction with the infected device.
  • Offering subscription malware to other cybercriminals for $3 to $000 per month.

Standard features available in most trojans examined include keylogging, phishing overlays, and SMS message theft.

Another worrying phenomenon is that banking Trojans are moving from "just" stealing bank credentials and funds to targeting social media, messages and personal data.

Ten New Banking Trojans

Zimperium has investigated ten new banking Trojans, with more than 2 variants circulating in the wild, masquerading as special tools, productivity apps, entertainment portals, games, photography and educational tools.

The ten new Trojans are listed below:

  • Nexus: MaaS (malware as a service) with 498 variants offering live screen sharing, targeting 39 applications in 9 countries.
  • Godfather: MaaS with 1 registered variants targeting 171 banking applications in 237 countries. Supports remote screen sharing.
  • Pixpirate: A Trojan horse with 123 known variants powered by the ATS module. It focuses on ten banking applications.
  • Saderat: A Trojan horse with 300 variants that targets 8 banking applications in 23 countries.
  • Hook: MaaS with 14 known variants with live screen sharing. It targets 468 apps in 43 countries and is leased to cybercriminals for $7 a month.
  • PixBankBot: A Trojan horse with three variants registered so far, aimed at four banking applications. It is equipped with an ATS module that enables fraud to be carried out on the device itself.
  • Xenomorph v3: MaaS with six variants capable of ATS operations targeting 83 banking applications in 14 countries.
  • Vultur: A Trojan horse with nine variants targeting 122 banking applications in 15 countries.
  • BrasDex: A Trojan that targets eight banking applications in Brazil.
  • GoatRat: A Trojan horse with 52 known variants supporting the ATS module and targeting six banking applications.

Among the malware families that existed in 2022 and were updated for 2023, Teabot, Exobot, Mysterybot, Medusa, Cabassous, Anubis, and Coper remain notably active.

If we were to rank the countries most often targeted by attacks, then the United States (109 targeted banking apps) would be in first place, followed by the United Kingdom (48 banking apps), Italy (44 apps), Australia (34), Turkey (32), France (30), Spain (29), Portugal (27), Germany (23) and Canada (17).

How to stay safe?

To protect yourself from these threats, avoid downloading APK files from outside Google Play. Even on Google Play, carefully read user reviews and check the developer or publisher of the application. During installation, pay close attention to the permissions requested and do not grant them if you are not sure the software needs them.

If an application asks to download an update from an external source on first launch, this is cause for suspicion, and it is wisest to avoid it altogether if possible. Finally, a classic recommendation: never click on links embedded in SMS or e-mail messages from unknown senders.
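
The permission advice above can also be checked mechanically. The following added example (not from Zimperium's report or the original article) scans a decoded AndroidManifest.xml for the capabilities the article names; the capability-to-feature mapping, the threshold of three, and both sample manifests are constructed assumptions, and a match is a triage signal, not a verdict.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Requested permission -> feature named in the article (mapping is an assumption).
REQUESTED = {
    "android.permission.RECEIVE_SMS": "SMS message theft",
    "android.permission.READ_SMS": "SMS message theft",
    "android.permission.SYSTEM_ALERT_WINDOW": "phishing overlays",
    "android.permission.REQUEST_INSTALL_PACKAGES": "update from an external source",
}
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def triage(manifest_xml):
    """Return the sorted risky capabilities declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for perm in root.iter("uses-permission"):
        label = REQUESTED.get(perm.get(NS + "name"))
        if label:
            found.add(label)
    # Accessibility services are declared on <service>, not via <uses-permission>.
    for svc in root.iter("service"):
        if svc.get(NS + "permission") == ACCESSIBILITY:
            found.add("keylogging / screen control via accessibility service")
    return sorted(found)

def is_suspicious(manifest_xml, threshold=3):
    # Heuristic threshold (assumption): legitimate apps may use one or two of these.
    return len(triage(manifest_xml)) >= threshold

# Constructed sample manifests (not taken from real apps).
FAKE_UPDATER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.updater">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".Helper" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
FLASHLIGHT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("fake updater", FAKE_UPDATER), ("flashlight", FLASHLIGHT)):
        print(name, is_suspicious(xml), triage(xml))
```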
