Published June 11, 2023, in our Security Fraud News & Alerts Newsletter.
With over one billion trojan banking malware downloads from 639 apps on Google Play Store, it’s time for mobile Android users to pay attention. After all, it’s ultimately the victims who end up paying the price for Google not finding the malware before making it available on their Play Store.
According to a report by BleepingComputer, based on findings by mobile device security firm Zimperium, the top ten most prolific and dangerous mobile banking trojans infiltrated 639 gaming and other benign apps on Google Play. Many who downloaded these apps may still be in the dark, but take some comfort knowing you’re now aware.
Despite Google’s recently improved efforts to keep malware out of their app store, like introducing Play Protect, it appears there’s a lot more work to be done. At the same time, hackers have been improving their own efforts at infecting Android apps and bypassing security checks. Research by Panda Security suggests Android devices are infected by malware 47 times more often than iOS devices.
Top Apps Targeted by Banking Trojans
BleepingComputer reports U.S. users are the most threatened globally. They find 121 of the 639 apps are made to specifically target American users, with the UK next with 55 apps. It may not come as a surprise since three out of four U.S. banking customers rely on these apps for their daily financial transactions. Below are the top apps downloaded from Google Play that are most vulnerable to banking malware.
PhonePe, popular in India, had the most downloads with 100 million
Binance, a popular cryptocurrency exchange app, had 50 million downloads
Cash App, a mobile payment service for the U.S. and UK, also had 50 million downloads
BBVA, a global banking portal, is targeted by seven out of ten of the most prolific banking trojans. The app has tens of millions of downloads
Banking Trojans Targeting the Most Apps
TeaBot targeted 410 of 639 apps, while ExoBot targeted 324 apps
Doing your homework before downloading banking apps can save you a lot of headaches. Read app reviews, make sure your apps are updated, and don’t download apps from third-party stores (called “sideloading”). It’s an app jungle out there, so be prepared.