Trojans targeting mobile banking grew by over 110% in H1 2022
The majority of the population in developed countries has integrated mobile banking into their everyday lives surprisingly quickly and seamlessly. The adoption of mobile banking was successful because financial institutions and fintechs ensured that their applications were user-friendly, convenient, and extremely secure.
However, since financial gains from finding loopholes in mobile banking applications could be sky-high, hackers are working day and night to figure out how to break into these apps.
While the mobile banking industry is in its golden age, the amount of attention from cybercriminals is also at an all-time high.
Consequently, the number of mobile banking trojans reached a record-breaking 109,561 detections in H1 2022, representing a 117% increase over the 50,450 detections in H2 2021.
The data for the analysis was extracted from Kaspersky’s official website, where the company shares data collected from its users.
Nearly half (49.28%) of the detections in H1 2022 were part of the Trojan-Banker.AndroidOS.Bray family. This malware type is considered to be a severe threat to the infected system.
Mobile banking threats, like most other trojans, infect the device by installing apps from unknown or unverified download sites, exploiting vulnerabilities, or being downloaded by other malware.
Mobile trojans are designed to target mobile financial applications in order to commit on-device fraud and siphon cash straight from victims' accounts.
Trojans often have a narrow target scope, focusing on a particular OS and a few financial platforms, like Paypal, Barclays, Binance, etc.
Victims can (sometimes) get their funds back
Cybercriminals tend to backward-rationalize their fraudulent acts by stating that their victims usually get their funds back, so the actual losses are incurred by the banking institutions instead.
While that is true in some cases, victims will have to go through a lot of excessively complicated procedures to get their money back, which is time-consuming and stressful.
On the other hand, if the fraudulent act was carried out through hacking into a fintech or a De-Fi application, then it is doubtful that the victim will ever get their money back.
In addition, finding the perpetrator is often undoable, as authorities won’t bother to spend the necessary resources to solve a case, as long as it does not involve huge amounts of money.
The difficulty arises due to the current online banking system itself. Fraudsters can transfer their funds through numerous foreign bank accounts, and with the use of blockchain, it’s practically impossible to track down the funds when dealing with an organized crime group that knows how to cover their tracks.
In other words, the advantages that make the current online banking landscape attractive—connectivity and privacy—are also the tools that criminals use to conceal their fraudulent activities.
To reduce the risk of trojan threats to a minimum, users are advised to keep their smartphone OS up to date, only install apps from the official stores, and avoid downloading email attachments.