Mobile Security Firm Zimperium Analyzes 10 Banking Trojans on Android: Here's How to Stay Safe

Beware of these 10 Android banking malware families, which can compromise your credentials.

2023 has witnessed the rise of 10 new Android banking malware families, collectively setting their sights on a staggering 985 bank and fintech/trading apps spanning 61 countries.

With 2024 approaching, it's important to stay protected against any kind of virus that might harm our devices and data, so we can leave this year malware-free.

Evolution of Banking Trojans

Image caption: Banking trojans are a nuisance to the Android platform, and many people fall victim to this family of malware. However, there's a proper way to end your 2023 without letting them enter your device. (Photo: Guido Coppa from Unsplash)

An analysis by Zimperium, a mobile security firm, identifies new trends in how threat actors use this malware. Each of the banking trojans poses a risk not only to the user's device but also to their personal and financial data.

Take a look at these trends in the cybersecurity space.

  • Automated Transfer Systems (ATS): A disturbing trend involves the integration of Automated Transfer Systems (ATS). An ATS module enables the malware to capture Multi-Factor Authentication (MFA) tokens, initiate unauthorized transactions, and execute fund transfers.
  • Social Engineering Sophistication: Cybercriminals are adopting social engineering tactics, masquerading as customer support agents to manipulate victims into downloading Trojan payloads voluntarily.
  • Live Screen-Sharing Capability: Adding a layer of direct remote interaction, the malware now features live screen-sharing, allowing cybercriminals to gain real-time access to infected devices.
  • Subscription-Based Malware: A concerning development is the introduction of a subscription model, with these malicious tools offered to fellow cybercriminals for a monthly fee ranging from $3,000 to $7,000.

Beyond Banking Credentials

Beyond the conventional focus on banking credentials and financial transactions, banking trojans are expanding their horizons. The latest trend indicates a shift towards targeting social media, messaging apps, and personal data. The scenario poses an elevated risk to users' comprehensive digital identities.

According to Bleeping Computer, here are the 10 Android banking trojans that have been notorious for attacking banking apps this year.

  1. Nexus: Malware-as-a-Service (MaaS) with 498 variants, offering live screen-sharing, targeting 39 apps across nine countries.

  2. Godfather: MaaS with 1,171 variants, supporting remote screen-sharing, and targeting 237 banking apps in 57 countries.

  3. Pixpirate: Trojan with 123 variants, featuring an ATS module and targeting ten bank apps.

  4. Saderat: Trojan with 300 variants, focusing on eight banking apps across 23 countries.

  5. Hook: MaaS with 14 variants, driven by live screen-sharing and targeting 468 apps in 43 countries, available for rent at $7,000 per month.

  6. PixBankBot: Trojan with three variants, equipped with an ATS module for on-device fraud, targeting four banking apps.

  7. Xenomorph v3: MaaS operation with six variants, capable of ATS operations, targeting 83 bank apps across 14 countries.

  8. Vultur: Trojan with nine variants, targeting 122 banking apps in 15 countries.

  9. BrasDex: Trojan focusing on eight bank apps in Brazil.

  10. GoatRat: Trojan with 52 known variants, empowered by an ATS module, targeting six banking apps.

Best Practices to Protect Yourself From Banking Trojans

To safeguard against these threats, users are advised to exercise caution:

  • Download only from Official Stores: Stick to Google Play and avoid downloading APKs from external sources.

  • Thoroughly Vet Apps: Read user reviews and research the developer/publisher before installation.

  • Monitor Permissions: Scrutinize requested permissions during installation and avoid granting access to 'Accessibility Services' without certainty.

  • Beware of External Updates: Treat requests for external updates upon app launch with suspicion and avoid if possible.

  • Avoid Unknown Links: Refrain from clicking on links in SMS or email messages from unfamiliar senders.
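
An added example (not from the original article or from Zimperium) that applies the "Official Stores" and "Monitor Permissions" advice above: it takes the output of two standard Android shell commands and lists apps that hold Accessibility access but were not installed by Google Play. The package names and sample output are constructed for illustration.

```python
# Added example: audit which apps hold Accessibility access and where they came from.
# Feed it the text output of two standard Android shell commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
PLAY_STORE = "com.android.vending"  # Google Play's installer package name

def parse_accessibility(raw):
    """Return the set of package names with an enabled accessibility service."""
    raw = raw.strip()
    if not raw or raw == "null":  # the setting is empty/null when nothing is enabled
        return set()
    # The value is a colon-separated list of components: package/ServiceClass
    return {comp.split("/", 1)[0] for comp in raw.split(":") if comp}

def parse_installers(raw):
    """Map package name -> installer package (None when no installer is recorded)."""
    installers = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        name, _, rest = line[len("package:"):].partition(" ")
        inst = rest.strip()
        if inst.startswith("installer="):
            inst = inst[len("installer="):]
        installers[name] = None if inst in ("", "null") else inst
    return installers

def audit(accessibility_raw, packages_raw, trusted=(PLAY_STORE,)):
    """List apps with Accessibility access that no trusted store installed."""
    installers = parse_installers(packages_raw)
    return sorted(pkg for pkg in parse_accessibility(accessibility_raw)
                  if installers.get(pkg) not in trusted)

# Constructed sample output (hypothetical package names, not from a real device).
SAMPLE_ACCESSIBILITY = (
    "com.example.screenreader/com.example.screenreader.ReaderService"
    ":com.example.fastcleaner/.HelperService"
)
SAMPLE_PACKAGES = """\
package:com.example.screenreader  installer=com.android.vending
package:com.example.fastcleaner  installer=null
package:com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg in audit(SAMPLE_ACCESSIBILITY, SAMPLE_PACKAGES):
        print("Review Accessibility access for:", pkg)
```

A flagged package is a prompt to review, not a verdict: apps preinstalled by the device maker also show no installer.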

Prevention is always better than cure. There's no need to wait: take these steps now, before malware infects your device and steals your precious credentials.

Joseph Henry
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.