With over 1 billion downloads on the Google Play Store, these apps are popular targets for cybercriminals

Written by admin

Some seemingly harmless productivity and gaming apps available on the Google Play Store are made to steal your banking information, according to a new report from BleepingComputer, which is based on findings from a Zimperium study.

Hidden in these apps are mobile banking trojans that spring into action when you launch a legitimate banking or finance app. They deceive users by displaying a fake login page over the authentic one to capture account information. The malware also monitors notifications to capture one-time passwords (OTPs) and can misuse accessibility services to commit financial fraud on the device.
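As an added example (not part of the report), a defender can triage an app inventory for the combination of capabilities described above. The mapping from each behaviour to an Android permission string and the sample inventory with its `com.example.*` package names are assumptions constructed for this illustration.

```python
# Added illustration: flag apps whose manifests combine the capabilities the
# article describes (overlay, notification/OTP capture, accessibility abuse).
# The behaviour-to-permission mapping is an assumption of this example.
BEHAVIOURS = {
    "overlay": "android.permission.SYSTEM_ALERT_WINDOW",
    "otp_capture": "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
    "accessibility": "android.permission.BIND_ACCESSIBILITY_SERVICE",
}

# Constructed sample inventory: "package<TAB>comma-separated permission strings"
# (permissions requested by the app or guarding a service it declares).
SAMPLE_INVENTORY = """\
com.example.flashlight\tandroid.permission.CAMERA
com.example.pdfscanner\tandroid.permission.SYSTEM_ALERT_WINDOW,android.permission.BIND_ACCESSIBILITY_SERVICE,android.permission.BIND_NOTIFICATION_LISTENER_SERVICE,android.permission.INTERNET
com.example.screenreader\tandroid.permission.BIND_ACCESSIBILITY_SERVICE
com.example.puzzle\tandroid.permission.INTERNET,android.permission.BIND_NOTIFICATION_LISTENER_SERVICE,android.permission.SYSTEM_ALERT_WINDOW

broken line without a tab
"""


def parse_inventory(text):
    """Return {package: set(permissions)}, skipping blank or malformed lines."""
    apps = {}
    for line in text.splitlines():
        if "\t" not in line:
            continue
        package, perms = line.split("\t", 1)
        apps[package.strip()] = {p.strip() for p in perms.split(",") if p.strip()}
    return apps


def triage(apps, threshold=2):
    """List (package, behaviours) for apps holding >= threshold capabilities."""
    findings = []
    for package, perms in apps.items():
        hits = sorted(name for name, perm in BEHAVIOURS.items() if perm in perms)
        if len(hits) >= threshold:
            findings.append((package, hits))
    # Most capabilities first, then by package name for stable output.
    return sorted(findings, key=lambda f: (-len(f[1]), f[0]))


if __name__ == "__main__":
    for package, hits in triage(parse_inventory(SAMPLE_INVENTORY)):
        print(f"{package}: review ({', '.join(hits)})")
```

Legitimate apps such as screen readers also hold some of these capabilities, so a hit is a prompt for manual review rather than a verdict.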

The top ten most malicious trojans target as many as 639 financial apps that have been downloaded more than a billion times. Users in the US are most at risk, not only because three in four banking customers in the country use an app to conduct their daily transactions, but also because 121 of the apps are intended for US users. Next up is the UK with 55 apps, followed by Italy with 43, then Turkey with 34, Australia with 33 and France with 31.

The most downloaded targeted application is PhonePe, a payment app that is immensely popular in India. It has been downloaded 100 million times from Google Play. Cryptocurrency exchange app Binance, which has been downloaded 50 million times, and US and UK-based mobile payment service Cash App, which has also been installed 50 million times, are also the target of many banking Trojans.

The most targeted app is the global online banking platform BBVA, which has tens of millions of downloads. Seven of the ten most prolific banking trojans are known to target this app.

Most of these apps are targeted by a trojan called Teabot, which covers 410 of the 639 apps tracked, with Exobot coming in second, affecting 324 apps.

Other trojans that were quite active in the first quarter of 2021 include:

  • BianLian, which focuses on Binance, BBVA and many Turkish apps.
  • Cabassous, which is after customers of Barclays, CommBank, Halifax, Lloyds and Santander.
  • Coper, which can take over accounts of BBVA, CaixaBank, CommBank and Santander.
  • EventBot, which focuses on Barclays, Intesa, BancoPosta and a large number of Italian apps. It disguises itself as Microsoft Word or Adobe Flash.
  • The aforementioned Exobot, which may affect PayPal, Binance, Cash App, Barclays, BBVA and CaixaBank.
  • FluBot, which affected BBVA, Caixa, Santander and several Spanish apps.
  • Medusa, which focused on BBVA, CaixaBank, Ziraat and Turkish banking apps.
  • Sharkbot, which affected Binance, BBVA and Coinbase.
  • Teabot, which targets PhonePe, Binance, Barclays, Postepay, Bank of America, Capital One, Citi Mobile, and Coinbase.
  • Xenomorph, which targets BBVA and many EU-specific banking apps.

The strategy these trojans share is that each has a limited target range, and each offers different kinds of functionality for different purposes.

Since these trojans are hidden in apps available in the official Android app store, be wary and avoid apps coming from untrusted sources. To take it one step further, consider a service like ExpressVPN.
