The Malicious 10 – Android Targeted By the Most Prolific Banking Trojans

Android is an operating system that has been targeted by all sorts of malware over the years. However, this time around, Android users are set for the most dangerous attack ever as the most prolific Android mobile banking trojans have set foot inside their Google Play Store.

Ten powerful banking trojans have set root inside 639 financial applications. If the apps are not popular, this could cause little to no damage. But since they collectively have over one billion downloads, this can be chaotic.

Three of these trojans are very popular. We’re talking about Flubot, TeaBot, and SharkBot. But it’s not just about those, the remaining 7 are as dangerous as the aforementioned, if not more. We’ve covered everything about the incident in the following comprehensive article.

Android Banking Trojans – Welcome to Google Play Store

Infected applications on Google Play Store is not a new tactic for threat actors. In fact, up till now, they are coming up with new ways and techniques to bypass Google Play Store’s security measures – and they’re succeeding.

This time around, the stakes got very high and Android users are facing their toughest challenge yet. Unfortunately, The “Legion of Doom” in the malware universe has decided to take over Google Play Store and infect 639 financial applications.

These trojans come with over-the-top capabilities as once they infect a device, they can easily present fake login pages on top of legitimate banking and finance apps.

Once the users enter their credentials, the threat actors can steal them, perform on-device financial fraud, as well as monitor received OTP messages.

According to research, three out of four respondents in the U.S. use banking apps. After all, these clients are convenient and help the users with their banking activities.

We can tell the impact these trojans can make, especially in the US. In fact, according to a report by Zimperium, the US tops the list when it comes to these attacks since around 121 apps are infected.

The second on the list is the UK, followed by several other countries around the world, particularly in Europe. Here’s how the trojans are distributed:

• The United States (121 Apps)
• The United Kingdom (55 Apps)
• Italy (43 Apps)
• Turkey (34 Apps)
• Australia (33 Apps)
• France (31 Apps)

It doesn’t come as a shock that TeaBot is the leading Trojan in these attacks. The banking credential-stealing malware covers 410 out of 639 of those tracked, followed by Exobot which targets a sizable pool of 324 applications.

Android Banking Trojans 101

As mentioned, 10 of the most popular Trojans are responsible for what is going on with these apps on Google Play Store. Each one of them operates differently, has a specific target audience, and uses different techniques.

One thing in common though, they’re all malicious and they’re after the victims’ banking credentials. What are Android users up against? They’re dealing with the most dangerous trojans in the industry.

The Fearsome 10

According to Zimperium, these are the most prolific banking trojans in the first quarter of this year (Listed by BleepingComputer):

• BianLian – Targets Binance, BBVA, and a range of Turkish apps.
• Cabassous – Targets Barclays, CommBank, Halifax, Lloys, and Santander.
• Coper – Targets BBVA, Caixa Bank, CommBank, and Santander. It actively monitors device battery optimization “allowlist” and modifies it to exempt itself from restrictions.
• EventBot – Targets Barclays, Intensa, BancoPosta, and various other Italian apps.
• Exobot – Targets PayPal, Binance, Cash App, Barclays, BBVA, and CaixaBank.
• FluBot – Targeted BBVA, Caixa, Santander, and various other Spanish apps.
• Medusa – Targets BBVA, CaixaBank, Ziraat, and a range of Turkish bank apps.
• Sharkbot – Targets Binance, BBVA, and Coinbase.
• Teabot – Targets PhonePe, Binance, Barclays, Crypto.com, Postepay, Bank of America, Capital One, Citi Mobile, and Coinbase.
• Xenomorph – Targets BBVA and various EU-based bank apps.

As we can see above, each one has a certain job and specific targets. That’s what makes them so dangerous due to the wide variety of options in terms of app infections.

Malicious Banking Trojans – Home Sweet Google Play Store

We know that recommending that you download apps only from Play Store doesn’t fit the criterion here, but that’s the only option to get safe apps.

If you download anything from third-party websites, a lot worse can happen. At least, Google Play does something to protect you and eventually removes such malicious applications.

Also, when you download the app, make sure you go through everything, especially the user reviews. Next, check the developer’s official website – that’ll give you a hint or two on how legit the app is.

Finally, and most importantly, keep your device up to date. You never know what security features are added with each update – they might solve a lot of issues.