
10 Most Dangerous Account-Draining Malware Families Target 639 Applications


Ten Android malware families are known to target 639 banking and crypto applications that have been downloaded more than a billion times in total from the Google Play Store. These families are worth watching because they are banking trojans that drain accounts.

Many mobile banking trojans hide behind normal-looking applications, such as productivity applications and games, which makes it easy for them to infiltrate the Play Store.



Once it has infected a device, the malware displays a login page made to look like the original banking application in order to steal account credentials, monitors incoming notifications to retrieve OTPs, and can even steal the victim's money directly by abusing Accessibility services on the phone.


According to a Zimperium report, each of these trojans has characteristics that set it apart from the others, such as the number of organizations it targets and its functionality.


Zimperium found the United States to be the country most targeted by these account-draining trojans, with 121 targeted applications. It is followed by the UK (55 applications), Italy (43 applications), Turkey (34 applications), Australia (33 applications), and France (31 applications).




The trojan that targets the most applications is Teabot, which targets 410 of the 639 applications monitored. It is followed by Exobot, which targets 324 applications, as quoted from Bleeping Computer, Monday (6/6/2022).


The most downloaded targeted app is PhonePe, a popular payment app in India, with over 100 million downloads. Cryptocurrency applications such as Binance that have been downloaded more than 50 million times are also being targeted even though they do not offer conventional banking services.


The most targeted application is BBVA, an online banking portal that has been downloaded tens of millions of times. This application is targeted by seven of the 10 most active banking trojans.


Here are the 10 most active banking trojans during the first quarter of 2022 according to the Zimperium report:


BianLian: A new version of this Trojan was discovered in April 2022 and can bypass photoTAN, which is a powerful authentication method for online banking.

Cabassous: This Trojan uses a domain generation algorithm (DGA) to evade detection.

Coper: This Trojan can actively monitor the phone's battery optimization list and modify that list to allow the trojan.

EventBot: This Trojan can disguise itself as Microsoft Word or Adobe Flash and can download new malware modules from remote sources.

Exobot: This Trojan is relatively small and light, and fetches overlays from the C2 server only when needed.

Medusa: This Trojan can drain user accounts directly on the device by abusing Accessibility services and impersonating the user to transfer money.

Sharkbot: This advanced Trojan has several features that make it difficult to detect and keep it from being removed from the device, as well as strong encryption of its C2 communication.

Teabot: This Trojan carries a dedicated keylogger for each targeted application, which is loaded when the user opens that application.

Xenomorph: This Trojan also serves as a dropper that can fetch additional malware onto the compromised device.

To protect your device and bank account from the malware above, make sure your phone is always running the latest operating system. Install apps only from the Google Play Store, always check reviews before downloading, and visit the developer's site.
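The behaviors described above (overlays, notification monitoring for OTPs, Accessibility abuse, battery optimization exemption) each have to be declared in an app's manifest, so a defender can triage an app by the combination it requests. The following is an added example, not taken from the Zimperium report; it assumes a text `AndroidManifest.xml` already decoded from the APK, and the function names, verdict labels and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Manifest declarations behind the behaviors the article lists.
USES_PERMISSION = {
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "battery_exempt",
}
SERVICE_BINDING = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification_listener",
}

def capabilities(manifest_xml):
    """Return the sensitive capabilities declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for node in root.iter("uses-permission"):
        found.add(USES_PERMISSION.get(node.get(ANDROID_NS + "name")))
    for node in root.iter("service"):
        found.add(SERVICE_BINDING.get(node.get(ANDROID_NS + "permission")))
    found.discard(None)
    return found

def triage(manifest_xml):
    """'review' = Accessibility plus overlay or notification access; 'note' =
    any other signal; 'ok' = none. 'review' means inspect by hand: screen
    readers and password managers bind Accessibility legitimately."""
    caps = capabilities(manifest_xml)
    if "accessibility" in caps and caps & {"overlay", "notification_listener"}:
        return "review", sorted(caps)
    return ("note" if caps else "ok"), sorted(caps)

# Constructed sample: a "utility" app declaring all four signals.
SAMPLE_SUSPICIOUS = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".Notes"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
# Constructed sample: network access only.
SAMPLE_BENIGN = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
```

Calling `triage(SAMPLE_SUSPICIOUS)` returns the verdict together with the sorted list of signals that produced it, which is what a reviewer needs to decide whether the app's stated purpose justifies them.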
