Ten new Android banking trojans targeted 985 bank apps in 2023

This year has seen the emergence of ten new Android banking malware families, which collectively target 985 bank and fintech/trading apps from financial institutions across 61 countries.
Banking trojans are malware that targets people's online bank accounts and money by stealing credentials and session cookies, bypassing 2FA protections, and sometimes even performing transactions automatically.
In addition to the ten new trojans launched in 2023, 19 families from 2022 were modified to add new capabilities and increase their operational sophistication.
The standard features available in most of the examined trojans include keylogging, overlaying phishing pages, and stealing SMS messages.
Another worrying development is that banking trojans are moving past just stealing banking credentials and money and are now also targeting social media, messaging, and personal data.
Zimperium has examined ten new banking trojans with over 2,100 variants circulated in the wild, masquerading as special utilities, productivity apps, entertainment portals, photography tools, games, and education aids.
Nexus: MaaS with 498 variants offering live screen-sharing, targeting 39 apps in nine countries.
Godfather: MaaS with 1,171 known variants targeting 237 banking apps in 57 countries.
Pixpirate: Trojan with 123 known variants powered by an ATS module.
Saderat: Trojan with 300 variants targeting eight banking apps in 23 countries.
It targets 468 apps in 43 countries and is rented to cybercriminals for $7k/month.
PixBankBot: Trojan with three known variants targeting four banking apps.
Xenomorph v3: MaaS operation with six variants capable of ATS operations, targeting 83 bank apps in 14 countries.
Vultur: Trojan with nine variants targeting 122 banking apps in 15 countries.
BrasDex: Trojan that targets eight bank apps in Brazil.
GoatRat: Trojan with 52 known variants empowered by an ATS module, targeting six banking apps.
To protect against these threats, avoid downloading APKs from outside Google Play, Android's only official app store, and even on that platform, carefully read user reviews and perform a background check on the app's developer/publisher.
If an app requests to download an update from an external source upon first launch, it should be treated with suspicion and entirely avoided if possible.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 14 Dec 2023 19:40:22 +0000

