Banking Trojans are a serious threat to all Android users. These 10 banking Trojans are the most common.
Enlarge
Android: The 10 most widespread banking Trojans
© Fit Ztudio/Shutterstock.com
The security company Zimperium has compiled a list of the ten most widespread banking Trojans for Android in the first quarter of 2022. The US IT news site Bleepingcomputer presents this list here.
These ten Android banking Trojans alone attack 639 financial applications, which Bleepingcomputer says have been downloaded over a billion times. The malware hides behind supposed productivity tools or behind games. Once the banking Trojans are installed, they try to steal the access data for online banking, for example by opening fake login pages.
BianLian:
Targets Binance, BBVA and a number of Turkish apps. A new version of the Trojan, which was discovered in April 2022, is said to be able to bypass the photoTAN procedure in online banking.
Cabassous:
Targets Barclays, CommBank, Halifax, Lloys and Santander. The Trojan uses a Domain Generation Algorithm (DGA) to bypass detection and shutdown.
Coper:
Targets BBVA, Caixa Bank, CommBank and Santander. It actively monitors the device battery optimization “permission list” and modifies it to exempt itself from restrictions.
EventBot:
Targets Barclays, Intensa, BancoPosta and various other Italian applications. It disguises itself as Microsoft Word or Adobe Flash (which, however, no longer exists) and can download new malware modules from remote sources.
Exobot:
Targets PayPal, Binance, Cash App, Barclays, BBVA, and CaixaBank. It is very small because it uses shared system libraries to begin with.
FluBot:
Targets BBVA, Caixa, Santander and various other Spanish applications. The botnet Trojan quickly spread via SMS and contact lists of compromised devices.
Medusa:
Targets BBVA, CaixaBank, Ziraat and a range of Turkish banking applications. It can impersonate a regular user on behalf of the victim.
Sharkbot:
Targets Binance, BBVA and Coinbase. It protects itself from being detected and deleted with a number of functions.
Teabot:
Targets PhonePe, Binance, Barclays, Crypto.com, Postepay, Bank of America, Capital One, Citi Mobile, and Coinbase. He monitored users with special keyloggers for each app.
Xenomorph:
Targets BBVA and various EU based banking apps. It can also serve as a dropper to download additional malware onto the compromised device.
