Zimperium: Mobile Banking Attacks Skyrocket in 2023

Attackers are just following the money.

Edward Gately, Senior News Editor

December 14, 2023

3 Min Read
malware families
AI-Generated/Shutterstock

The number of malware families targeting banking apps has nearly tripled with U.S. banking institutions by far the most targeted.

That’s according to Zimperium’s annual Mobile Banking Heists Report, which highlights the continued evolution and success of mobile banking trojans around the globe. Twenty-nine malware families targeted 1,800 banking applications across 61 countries in the last year. In comparison, last year's report uncovered 10 prolific malware families targeting 600 banking apps.

Banking trojans continue to evolve and succeed due to their ability to persist, bypass security and evade detection on mobile devices. As investment from fast-moving threat actors continues to increase, traditional security practices are unable to keep up.

Vishnubhotla_Krishna_Zimperium.jpg

Krishna Vishnubhotla, Zimperium’s vice president of product strategy, said cybercriminals are succeeding in their attacks on banking apps.

“These cybercriminals are very financially motivated, targeting highly confidential and sensitive data, including banking credentials, in order to steal money,” he said. “Attackers are just following the money. And mobile banking apps are becoming the digital channel for consumers across all age groups. Consumers want access to their funds at their fingertips. We want to be able to bank, purchase and manage our financial lives from everywhere besides a physical bank. The reality is that convenience often trumps security, and cybercriminals know that the ease of mobile banking opens up the door for them to attack.”

Countries Most Targeted by Malware Families

There were 109 U.S. banks targeted by banking malware in 2023, compared to the next most targeted countries which were the United Kingdom. (48 banking institutions) and Italy (44). The report also noted that trojans are evolving beyond simple banking apps, targeting cryptocurrency, social media and messaging apps.

Other key findings from Ziperium’s report include:

  • Traditional banking applications remain the prime target, with 1,103 compromised apps, accounting for 61% of the 1,800 targets, while emerging fintech and trading apps make up the remaining 39%.

  • Hook, Godfather and Teabot are the top banking malware families, measured by the number of banks targeted.

New Banking Malware Capabilities

New capabilities observed within banking malware this year include:

  • Automated transfer system (ATS), a technique that facilitates unauthorized transfers of money.

  • Telephone-based attack delivery (TOAD), which involves a follow-up call to gain trust and download more malware.

  • Screen sharing, being able to remotely control a victim's device without having physical access to it.

  • Malware-as-a-service (MaaS), an online business model offering malware creation tools for rent or sale, facilitating easy execution of cyberattacks.

“There are several factors into why organizations are falling behind in protecting their customers’ sensitive information,” Vishnubhotla said. “One, there is a lack of awareness across the board about how dynamic, sophisticated and surgical banking malware has become. There are also misconceptions that server-side security is sufficient. But that's not true, as this is also a client-side threat. And, lastly, for many organizations it’s just not a top priority yet due to budgets and other organizational initiatives.”

In 2024, Zimperium expects malware to more widely adopt a growing number of worrisome techniques like ransomware and others that enable frictionless fraud and theft, he said.

“We also expect new malware families to emerge, since the barrier for entry has been significantly lowered with malware code sharing and MaaS offerings,” Vishnubhotla said.

About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like