Mobile banking apps threats escalate as malware targets Android users

Consumers around the world who use mobile banking apps should be on high alert, according to cybersecurity firm, Kaspersky, which has revealed a significant rise in mobile banking malware targeting Android devices. 

Kaspersky’s annual Financial Threats report details a 32% surge in mobile banking malware attacks on Android devices in 2023 compared to 2022.

These “Trojan” viruses targeting Android phones disguise themselves as legitimate apps to trick users into downloading them. Once installed, they can steal your login details and banking information.

The most prevalent culprit identified is a Trojan virus called Bian.h, accounting for a substantial 22% of all attacks on Android users.

Kaspersky’s report does not solely focus on mobile threats. It also reveals an 11% decline in users affected by financial PC malware in 2023 identifying Ramnit and Zbot as the dominant malware families targeting desktops, affecting over half (more than 50%) of the victims.

Kasperky also revealed other financial cyberthreats beyond malware. According to the cybersecurity company, scammers are becoming more creative by mimicking cryptocurrency exchanges and even offering fake coins supposedly backed by large companies like Apple.

Financial phishing accounted for 27.32% of all phishing attacks on corporate users and troubled 30.68% on individual users.

“E-shop brands were identified as the top lure, with 41.65% of financial phishing attempts. Additionally, PayPal phishing represented 54.78% of phishing pages targeting electronic payment system users. The report also highlighted a 16% year-on-year growth in cryptocurrency phishing, with 5.84 million detections in 2023 compared to 5.04 million in 2022.

E-shop phishing was identified as the most prevalent, recording 41.65% of all financial phishing pages. Amazon emerged as the most mimicked online store, accounting for 34% of phishing attempts, followed by Apple at 18.66% and Netflix at 14.71%. PayPal was the most targeted payment system, with 54.73% of attacks,” according to Kaspersky.

“Money has always been a magnet for cybercriminals, and a substantial portion of malware attacks are financially motivated. The surge in mobile malware witnessed last year highlights a concerning trend in cybercrime. With the emergence of new and aggressive malware strains, attackers are evolving their tactics to target mobile devices more aggressively. This underscores the imperative for individuals and businesses to maintain heightened vigilance, update protective measures, and fortify device security accordingly,” Igor Golovin, Kaspersky security expert said.

Malware: How to protect yourself

There are Kaspersky’s recommended steps to take to protect yourself from these cyber security threats. First, be cautious when downloading apps, especially those related to finance. Kaspersky recommends using official app stores like Google Play because “apps from these markets are not 100% failsafe, but they get checked by shop representatives and there is some filtration system – not every app can get into these stores”

Another way to protect yourself is to be wary of app permissions. Always check what permissions an app is requesting before you download it. Kaspersky advises caution for “high risk permissions such as permission to use Accessibility Services.” These permissions can give malicious apps a powerful foothold on your device, potentially allowing them to steal your login details and banking information.

The cybersecurity company also underscored the importance of installing reliable security software and keeping your phone’s operating system and apps updated. Security software can help detect malicious apps before they can wreak havoc, and software updates often contain patches for security vulnerabilities that could be taken advantage of by malware.