Highlights:
- According to the report, 109 U.S. banks are the primary targets for financially motivated threat actors in 2023.
- Traditional banking applications persist as the primary target for mobile banking malware threats.
In 2023, a recent report by mobile security platform provider Zimperium Inc. reveals a continued rise in mobile banking heists. Researchers identified 29 malware families targeting 1,800 banking applications across 61 countries during the year.
The 2023 Mobile Banking Heists Report elaborates on the advancement and success of banking trojans. These malicious software, crafted to infiltrate banking and financial applications for the theft of sensitive information like login credentials and financial data, persistently evolve and thrive. Their adeptness at persistence, security evasion, and mobile device detection avoidance contributes to their ongoing success. Compounding the challenge is the escalating investment from threat actors, presenting a scenario where conventional security practices struggle to match the pace of these developments.
As outlined in the report, financially motivated threat actors consistently prioritize U.S. banking institutions, directing attacks at 109 banks in 2023. This surpasses the second-highest target, the U.K., with 48 banking institutions, followed by Italy with 44. Additionally, the report underscores the trojan evolution, expanding beyond traditional banking apps to include targets in cryptocurrency, social media, and messaging apps.
Among the most important discoveries underscoring the danger posed by mobile banking malware is that, out of 1,800 targets, traditional banking apps continue to be the most frequently attacked (1,103 compromised apps). The remaining 39% are comprised of emerging FinTech and trading apps.
Based on the number of banks targeted, Hook, Godfather, and Teabot were determined to be the top families of banking malware. Nineteen malware families, as outlined in the 2022 report, were discovered to have developed enhanced capabilities, while an additional ten new families have been recognized as potential threats in 2023.
Several new functionalities were identified within banking malware this year. Notably, the Automated Transfer System, a technique enabling unauthorized money transfers, was observed. Additionally, the Telephone-based Attack Delivery method involves a subsequent call to build trust and download more malware. Another tactic involved hackers employing screen sharing to remotely control a victim’s device without requiring physical access.
Lastly, banking trojans started to surface through a malware-as-a-service model. In this business model, cybercriminals lease or sell tools for creating malware, enabling individuals with limited technical skills to carry out cyberattacks.
Chief Scientist at Zimperium, Nico Chiaraviglio, said, “Mobile banking security is currently in a high-stakes scenario, with numerous threat actors posing substantial risks. We are seeing that they are finding ways to bypass traditional defenses, which is why it is critical that banking and financial organizations employ comprehensive, real-time, on-device mobile security to combat these intelligent adversaries.”
The report provides multiple suggestions for safeguarding apps from malware. These recommendations encompass elevating protection measures to counter the increasing sophistication of threats by incorporating advanced code protection techniques. Additionally, it advises the implementation of runtime visibility for thorough monitoring and modeling of potential threats across diverse vectors. The report also recommends deploying on-device protection for swift and autonomous threat response, irrespective of network or server connectivity.