639 Android Apps Targeted by Malware
According to security researchers at Zimperium, about 10 malware families currently target 639 apps on Google Play.
After infecting a device, the malware draws a login overlay on top of banking (or other financial) applications to steal account credentials, monitors notifications, steals OTPs, and can even commit financial fraud by abusing Accessibility services.
This finding is very worrying, because according to surveys in 2021, 3 out of 4 people in the US say they often use a banking app to conduct daily transactions.
Many banking apps are targeted by malware. Photo: Tieu MINH
The US was the most targeted country with 121 apps, followed by the UK with 55 apps, Italy 43 apps, Turkey 34 apps, Australia 33 apps, and France 31 apps.
The malware that targeted the most apps was Teabot, which covered 410 of the 639 apps. Exobot also targeted 324 apps.
Binance, the popular cryptocurrency exchange app, has 50 million downloads. Cash App, a mobile payments service available in the US and UK, also has 50 million installs on Google Play. Both are targets of malware, even though they don't offer regular banking services.
The most widely targeted application is BBVA, a global online banking portal with tens of millions of downloads. This app is targeted by 7 of the 10 most active malware families.
10 malware targeting banking apps
– BianLian: Targets Binance, BBVA and a bunch of apps in Turkey. A new version of the malware discovered in April 2022 is capable of bypassing photoTAN, a strong authentication method in online banking.
– Cabassous: Targets Barclays, CommBank, Halifax, Lloyds and Santander. Uses a domain generation algorithm (DGA) to avoid detection and takedown.
– Coper: Targets BBVA, Caixa Bank, CommBank and Santander. The malware can modify itself to get around phone restrictions.
– EventBot: Targets Barclays, Intesa, BancoPosta and many more in Italy. The malware hides inside Adobe Flash or document files and can remotely download additional modules.
– Exobot: Targets PayPal, Binance, Cash App, Barclays, BBVA and CaixaBank. This malware is very small and lightweight because it uses shared system libraries and only fetches overlays from the server when needed.
– FluBot: Targets BBVA, Caixa, Santander and many other Spanish apps. This malware is known for its ability to spread rapidly using SMS and the contact lists of compromised devices.
– Medusa: Targets BBVA, CaixaBank, Ziraat and a bunch of Turkish banking apps. It can commit fraud on the device by abusing the accessibility service.
– Sharkbot: Targets Binance, BBVA, and Coinbase. The malware has anti-detection and anti-deletion capabilities, and it encrypts communication with the control server.
– Teabot: Targets PhonePe, Binance, Barclays, Crypto.com, Postepay, Bank of America, Capital One, Citi Mobile and Coinbase. The malware is equipped with a special keylogger for each application, which records user actions.
– Xenomorph: Targets BBVA and various European Union banking applications.
To avoid being hacked and losing money from your bank account, keep your device updated, install apps only from Google Play, and read user reviews carefully.
According to Xiao Ming (Ho Chi Minh City Law)
at Blogtuan.info – Source: 24h.com.vn