Report: Over 1B Google Play downloads for financial apps targeted by malware

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 — 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

According to the latest report by Zimperium, mobile banking, investment, payment and cryptocurrency apps, which are targeted by ten prolific families of trojan horse malware, have been downloaded over 1,012,452,500 times from the Google Play Store globally.

Researchers identified Teabot as the trojan malware targeting the largest number of mobile financial applications (410), followed by ExobotCompact.D/Octo (324). The most targeted banking application is “BBVA Spain | Online Banking,” which has been downloaded over 10 million times, and is targeted by six of the 10 reported banking trojans. The top three mobile financial apps targeted by trojans focus on mobile payments and alternative asset investments, like cryptocurrency and gold. These apps account for over 200,000,000 downloads globally.

The report unveiled that the banking and financial services sector is experiencing increasingly sophisticated attacks by trojans that put financial institutions and their customers at risk. These attacks pose various risks for users, some of them capturing keystrokes or stealing credentials to be used for nefarious activity and others capable of directly stealing money from victims. With the uptick of consumers globally using mobile apps for all forms of banking and investment activity, the attack surface has grown with greater reward and less physical risk for criminals than they face stealing from a bank location. 

No region is immune from these attacks. As banking trojans continue to go through developmental updates with new features and capabilities, both users and financial institutions face increasing risk of this global economic threat. The U.S. is the most-targeted region, with 121 financial applications being targeted by banking trojans, accounting for more than 286,753,500 downloads. The U.K. and Italy are next with 55 and 43 apps targeted, respectively.

Zimperium’s research team analyzes several hundred thousand applications each day with state-of-the-art machine learning models and other proprietary techniques. The report tracks 639 financial applications, including mobile banking, investment, payment and cryptocurrency apps. All financial application targets in the report are available through the Google Play Store.

Read the full report by Zimperium.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.