A Dallas-based company has identified dozens of malware threats to mobile banking apps, claiming in an annual report that trojans — malware that downloads disguised as a legitimate program — are being used in sophisticated attacks to victimize users.
“Mobile banking security is currently in a high-stakes scenario, with numerous threat actors posing substantial risks,” Nico Chiaraviglio, chief scientist at Zimperium, said in a news release.
“This report shows the sophistication, adaptability, and scalability of banking trojans and their widespread impact on mobile applications across the globe. We are seeing that they are finding ways to bypass traditional defenses, which is why it is critical that banking and financial organizations employ comprehensive, real-time, on-device mobile security to combat these intelligent adversaries.”
Zimperium provides real-time protection against threats on iOS, Android, and Chromebook. Its 2023 Mobile Banking Heists Report reveals the “evolution and success of mobile banking trojans around the globe,” according to the release.
“In particular, the research uncovered that 29 malware families targeted 1,800 banking applications across 61 countries last year. In comparison, last year’s report uncovered 10 prolific malware families targeting 600 banking apps. Banking trojans continue to evolve and succeed due to their ability to persist, bypass security, and evade detection on mobile devices. As investment from fast-moving threat actors continues to increase, traditional security practices are unable to keep up.”
The research also showed that banking institutions in the U.S. were targeted the most, followed by those in the UK and Italy. Other findings include:
- Traditional banking applications remain the prime target, with 1,103 compromised apps — accounting for 61% of the 1,800 targets — while emerging FinTech and Trading apps make up the remaining 39%.
- Hook, Godfather, and Teabot are the top banking malware families.
- The 19 malware families from last year’s report have evolved with new capabilities, and 10 new families have been identified as threats in 2023.