Hidden within these apps are mobile banking trojans that kick in when you launch a legitimate banking or financial app. They trick users by showing a fake login page over the genuine one to capture account credentials. The malware also monitors notifications to capture one-time passwords (OTPs) and can abuse accessibility services to commit financial fraud on the device.
The most targeted application is the global online banking platform BBVA, which has tens of millions of downloads. Seven of the ten most prolific banking malware families are known to target this application.
Most of these apps are targeted by a trojan called Teabot, which covers 410 of the 639 apps tracked; Exobot comes in second, affecting 324 apps.
Other Trojans that have been quite active in the first quarter of 2021 include:
- BianLian, which targets Binance, BBVA and many Turkish apps.
- Cabassous, which is after clients of Barclays, CommBank, Halifax, Lloyds and Santander.
- Coper, which can take over BBVA, CaixaBank, CommBank and Santander accounts.
- EventBot, which targets Barclays, Intesa, BancoPosta and a host of Italian apps. It disguises itself as Microsoft Word or Adobe Flash.
- The aforementioned Exobot, which can affect PayPal, Binance, Cash App, Barclays, BBVA and CaixaBank.
- FluBot, which impacted BBVA, Caixa, Santander and various Spanish apps.
- Medusa, which targeted BBVA, CaixaBank, Ziraat and Turkish banking apps.
- Sharkbot, which affected Binance, BBVA and Coinbase.
- Teabot, which targets PhonePe, Binance, Barclays, Crypto.com, Postepay, Bank of America, Capital One, Citi Mobile and Coinbase.
- Xenomorph, which targets BBVA and many EU-specific banking apps.