Report: Over 1 billion Google Play downloads of financial apps targeted by malware

We’re excited to bring back Transform 2022 in person on July 19 and virtually from July 20-28. Join leaders in AI and data for in-depth discussions and exciting networking opportunities. Register today!


According to Zimperium’s latest report, mobile banking, investing, payment and cryptocurrency apps, which are targeted by ten prolific families of malicious Trojans, have been downloaded over 1,012,452,500 times since the Google Play Store globally.

Researchers identified Teabot as the malicious Trojan targeting the highest number of mobile financial apps (410), followed by ExobotCompact.D/Octo (324). The most targeted banking application is “BBVA Spain | Online Banking,” which has been downloaded over 10 million times and is targeted by six of the 10 reported banking Trojans. The three main mobile financial apps targeted by Trojans focus on mobile payments and investments in alternative assets, such as cryptocurrency and gold. These applications represent more than 200,000,000 downloads worldwide.

The report revealed that the banking and financial services industry is subject to increasingly sophisticated attacks by Trojan horses that put financial institutions and their customers at risk. These attacks pose a variety of risks to users, with some capturing keystrokes or stealing credentials to use for nefarious activities and others capable of directly stealing money from victims. With the increase in the number of consumers around the world using mobile apps for all forms of banking and investing, the attack surface has increased with greater reward and less physical risk to criminals than they don’t run by stealing from a bank.

No region is immune to these attacks. As banking Trojans continue to undergo development updates with new features and capabilities, users and financial institutions face increasing risk from this global economic threat. The United States is the most targeted region, with 121 financial apps targeted by banking Trojans, accounting for over 286,753,500 downloads. The United Kingdom and Italy follow with 55 and 43 applications targeted respectively.

Zimperium’s research team analyzes hundreds of thousands of apps every day with state-of-the-art machine learning models and other proprietary techniques. The report tracks 639 financial apps, including mobile banking, investing, payment and cryptocurrency apps. All financial app targets in the report are available through the Google Play Store.

Read the full Zimperium report.

VentureBeat’s mission is to be a digital public square for technical decision makers to learn about transformative enterprise technology and conduct transactions. Learn more about membership.

Comments are closed.