Hidden in these apps are mobile banking trojans that spring into action when you launch a legitimate banking or finance app. They deceive users by displaying a fake login page on top of the authentic one to capture account information. The malware also monitors notifications to obtain one-time passwords (OTPs) and can misuse accessibility services to commit financial fraud on the device.
The most targeted app is the global online banking platform BBVA, which has tens of millions of downloads. Seven of the ten most prolific banking malware families are known to target this app.
Most of these apps are targeted by a trojan called Teabot, which covers 410 of the 639 apps tracked, with Exobot coming in second, affecting 324 apps.
Other trojans that were quite active in the first quarter of 2021 include:
- BianLian, which focuses on Binance, BBVA and many Turkish apps.
- Cabassous, which is after customers of Barclays, CommBank, Halifax, Lloyds and Santander.
- Coper, which can take over accounts at BBVA, CaixaBank, CommBank and Santander.
- EventBot, which focuses on Barclays, Intesa, BancoPosta and a large number of Italian apps. It disguises itself as Microsoft Word or Adobe Flash.
- The aforementioned Exobot, which may affect PayPal, Binance, Cash App, Barclays, BBVA and CaixaBank.
- FluBot, which affected BBVA, Caixa, Santander and several Spanish apps.
- Medusa, which focused on BBVA, CaixaBank, Ziraat and Turkish banking apps.
- Sharkbot, which affected Binance, BBVA and Coinbase.
- Teabot, which targets PhonePe, Binance, Barclays, Crypto.com, Postepay, Bank of America, Capital One, Citi Mobile, and Coinbase.
- Xenomorph, which targets BBVA and many EU-specific banking apps.