Zimperium – a mobile security platform purpose-built for enterprise environments – has published new research detailing the increasing risk financial institutions and consumers worldwide face due to Trojan horse malware targeting mobile applications.
This new report titled, Mobile Banking Heists: The Global Economic Threat, examines more than 600 financial apps – which account for more than 1 billion downloads worldwide – and the degree to which 10 prolific banking Trojan families target them. The report provides an audit of who these trojans target, how they’re deployed, how they work and which countries are most impacted.
“Not every Trojan targeting mobile and banking apps is created equal – they’re disseminated differently, use different exploitation techniques and vary in other degrees of reach and sophistication,” said Nico Chiaraviglio, VP of Security Research at Zimperium. “We’ve seen ad hoc reports of different banking Trojans over the past few years and, anecdotally, people may have recognised that they’re increasing in scope and frequency. But until now, no one has taken a step back to analyse and understand the big picture. That’s exactly what our Zimperium zLabs mobile threat research team has done.”
In addition to a detailed examination of 10 major banking Trojan families and the mobile apps they target, the report also chronicles how this threat is increasing. In fact, the malware known as both ExobotCompact.D and Octo was originally discovered in 2017 and is the oldest known banking Trojan outlined in this report. The Android/Bianlian Botnet malware is the next oldest banking Trojan assessed and was discovered in 2018. The eight other banking Trojans in the report were all discovered since 2020.
Among other key findings:
- The most targeted mobile banking application is ‘BBVA Spain | Online Banking’ with over 10 million downloads. This one application is targeted by six of the 10 reported banking Trojans.
- In the US, 121 financial applications are being targeted by banking Trojans, accounting for more than 286,753,500 downloads. The UK and Italy are the next most-targeted countries with 55 and 43 apps targeted, respectively.
- The top three mobile financial apps targeted by Trojans focus on mobile payments and alternative asset investments, like cryptocurrency and gold. These three apps account for over 200,000,000 downloads globally.
- The most prolific family of banking Trojan is Teabot, which is being used to target 410 of the applications listed in the report.
Zimperium’s research team analyses several hundred thousand applications each day, with state-of-the-art machine learning models and other proprietary techniques. The samples covered in this report were collected and classified using this methodology.Click below to share this article