The top 10 mobile banking Trojans for Android target 639 financial apps, which collectively have over a billion downloads on the Google Play Store.
According to the Zimperium report, which provides an overview of the Android ecosystem in the first quarter of 2021, each of the ten malware has taken its unique place in the market in terms of the number of victim organizations and special features that distinguish one Trojan from another.
Let me remind you that we also said that Octo banking android Trojan installed over 50,000 times, and that SharkBot Trojan Again Infiltrates the Google Play Store.
Most of all banking Trojans are attacked by:
- United States – 121 vulnerable applications;
- UK – 55 vulnerable applications;
- Italy – 43 vulnerable applications;
- Turkey – 34 vulnerable applications;
- Australia – 33 vulnerable applications;
- France – 31 vulnerable applications.
The Teabot trojan has the largest number of applications, with 410 of the 639 monitored applications. Right behind it is Exobot with 324 out of 639 apps.
The vulnerable PhonePe application was downloaded the most. It is extremely popular in India and has 100 million downloads from the Play Store. Binance, the popular cryptocurrency exchange app, has 50 million downloads. Cash App, a mobile payment service for the US and UK, also has 50 million installs on the Play Store. Both of these applications are also targets for several banking trojans.
The most popular target among hackers was BBVA, a global online banking portal with tens of millions of downloads. It is targeted by seven of the ten most active banking Trojans.
Most Popular Android Banking Trojans:
- BianLian – targets Binance, BBVA and a number of Turkish apps;
- Cabassous – targets Barclays, CommBank, Halifax, Lloys and Santande banks;
- Coper – targets BBVA, Caixa Bank, CommBank and Santander;
- EventBot – targets Barclays, Intensa, BancoPosta and various other Italian apps;
- Exobot – Targets PayPal, Binance, Cash App, Barclays, BBVA and CaixaBank;
- FluBot – targets BBVA, Caixa, Santander and various other Spanish applications;
- Medusa – targets BBVA, CaixaBank, Ziraat and a number of Turkish banking applications;
- Sharkbot – targets Binance, BBVA and Coinbase;
- Teabot – targets PhonePe, Binance, Barclays, Crypto.com, Postepay, Bank of America, Capital One, Citi Mobile and Coinbase;
- Xenomorph – targeted at BBVA and various banking applications in the EU;