Malware & Ransomware · HIGH

Mobile Banking Malware - Global Surge Targets Financial Apps

Infosecurity Magazine

Basically, hackers are using malware to steal money from banking apps on people's phones.

Quick Summary

A global surge in mobile banking malware is impacting over 1,200 financial apps. This shift poses serious risks as fraud migrates to user devices. Financial institutions must enhance app security to combat these threats.

What Happened

A recent report from Zimperium zLabs reveals a dramatic surge in mobile banking malware, affecting 1,243 financial brands across 90 countries. This shift in the fraud landscape indicates that attacks are increasingly originating from user devices rather than traditional banking infrastructures. With over three billion downloads of affected apps, the scale of this issue is unprecedented. Analysts describe these attacks as industrialized campaigns, evolving rapidly due to code sharing among attackers and the low barriers to entry for cybercriminals.

The report highlights a staggering 56% increase in Android banking trojan attacks in 2025, alongside a 271% rise in unique malware packages, totaling 255,090. Online fraud has surged by 21% from 2024 to 2025, with 80% of fraud now occurring through online or mobile platforms. As Boris Cipot, a senior security engineer, points out, mobile banking apps have become prime targets, with malware-driven fraud increasing 67% year over year.

Who's Being Targeted

The report indicates that 54% of consumers now rely on mobile banking apps to manage their accounts, increasing their exposure to risk. The United States leads with 162 targeted banking apps, followed by the UK with 69, Spain with 65, and Italy with 52. Emerging markets like India, Vietnam, and Malaysia are also experiencing significant threats. The malware is not just stealing credentials; it is capable of intercepting authentication codes and monitoring live sessions, making fraudulent activities appear indistinguishable from normal user behavior.

Signs of Infection

Modern malware has evolved beyond simple credential theft. Attackers can now control devices and operate within legitimate banking sessions. For instance, malware families such as TsarBot, CopyBara, and Hook account for over 60% of attacks on banking and fintech apps. Newer variants like Sturnus and Crocodilus introduce advanced techniques, including "blackout" modes that allow transactions to occur while a device appears inactive. This sophistication makes it challenging for both users and institutions to detect threats.

How to Protect Yourself

To combat this rising tide of mobile banking malware, financial institutions must prioritize mobile app security. Traditional server-side fraud controls are becoming ineffective against these automated trojans that hijack legitimate banking sessions. Users should ensure their banking apps are updated regularly and enable multi-factor authentication wherever possible. Additionally, being cautious about app permissions and avoiding suspicious downloads can significantly reduce the risk of infection. As Jason Soroko from Sectigo notes, the frontline of financial fraud has shifted to the customer’s mobile device, necessitating a new approach to security.

In conclusion, as mobile banking continues to dominate, both users and financial institutions must remain vigilant against evolving malware threats. The landscape of fraud is changing, and proactive measures are essential to safeguard sensitive information.

🔒 Pro insight: The rapid evolution of mobile banking malware underscores the need for enhanced security measures in financial applications to mitigate emerging threats.

Original article from Infosecurity Magazine
