Cybersecurity researchers have discovered a number of different trojans in the wild that target various Android apps, and some of the most commonly targeted apps are financial apps. Financial apps can be reliably lucrative targets. Market research shows that 76% of Americans use banking apps for everyday financial tasks, meaning trojans that infect victims’ phones have the opportunity to compromise banking apps more often than not.
We reported earlier this week on research claiming that mobile device trojans are on the rise. Trojans are a type of malware that infects users’ devices by posing as legitimate and trustworthy programmes. Unfortunately, trojans occasionally make it into the Google Play Store and infect victims’ Android devices before being detected and deleted.
A report by Zimperium, a mobile security firm, details how widespread the targeting of financial apps by trojans has become. The researchers analyzed ten different trojans that are currently active in the wild, and found that together they target 639 financial Android apps. These mobile banking, investment, payment, and cryptocurrency apps have between them a total of just over 1 billion downloads from the Google Play Store. PhonePe, Binance, and Cash App, in that order, are the most downloaded apps targeted by the trojans analyzed in the report.
Trojans often leverage Android accessibility services to carry out malicious activity, such as stealing two-factor authentication (2FA) codes sent over SMS or keylogging to steal account credentials typed out by the victim. However, when it comes to targeting financial apps, some trojans take a page out of the phishing playbook and steal login credentials by overlaying false login screens over the legitimate login screens of financial apps.
Cabassous: Barclays Mobile App, Commonwealth Bank, Halifax Mobile Banking, Lloyds Bank Mobile, Santander Mobile Banking, NatWest Mobile Banking, ANZ Australia, St. George Mobile Banking, and Westpac Mobile Banking.
Coper: BBVA Spain Online Banking, CaixaBankNow Mobile Banking, Commonwealth Bank, Santander Mobile Banking, ANZ Australia Mobile Banking, St. George Mobile Banking, ING Australia Banking, TSB Mobile Banking, and NAB Mobile Banking.