This year has seen the emergence of ten new Android banking malware families, which collectively target 985 bank and fintech/trading apps from financial institutions across 61 countries.
Banking trojans are malware that targets people's online bank accounts and money by stealing credentials and session cookies, bypassing 2FA protections, and sometimes even performing transactions automatically.
In addition to the ten new trojans launched in 2023, 19 families from 2022 were modified to add new capabilities and increase their operational sophistication.
The standard features available in most of the examined trojans include keylogging, overlaying phishing pages, and stealing SMS messages.
Another worrying development is that banking trojans are moving past just stealing banking credentials and money and are now also targeting social media, messaging, and personal data.
Zimperium has examined ten new banking trojans with over 2,100 variants circulated in the wild, masquerading as special utilities, productivity apps, entertainment portals, photography tools, games, and education aids.
Nexus: MaaS with 498 variants offering live screen-sharing, targeting 39 apps in nine countries.
Godfather: MaaS with 1,171 known variants targeting 237 banking apps in 57 countries.
Pixpirate: Trojan with 123 known variants powered by an ATS module.
Saderat: Trojan with 300 variants targeting eight banking apps in 23 countries.
It targets 468 apps in 43 countries and is rented to cybercriminals for $7k/month.
PixBankBot: Trojan with three known variants targeting four banking apps.
Xenomorph v3: MaaS operation with six variants capable of ATS operations, targeting 83 bank apps in 14 countries.
Vultur: Trojan with nine variants targeting 122 banking apps in 15 countries.
BrasDex: Trojan that targets eight bank apps in Brazil.
GoatRat: Trojan with 52 known variants empowered by an ATS module, targeting six banking apps.
To protect against those threats, avoid downloading APKs from outside Google Play, Android's only official app store, and even on that platform, carefully read user reviews and perform a background check on the app's developer/publisher.
If an app requests to download an update from an external source upon first launch, it should be treated with suspicion and entirely avoided if possible.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 14 Dec 2023 19:40:22 +0000