Close to 100,000 New Mobile Banking Trojans Discovered in 2021

Security researchers have discovered a staggering number of new strains of banking Trojan malware that target mobile phones over the course of the past year. In 2021 alone, the number of newly discovered mobile banking Trojans almost reached 100,000.

Mobile phones have been the prevalent form of digital device used for a few years now and it's no wonder that cybercriminals are turning their attention to them. Of course, phishing email campaigns and malicious redirects on web pages that lead to malware-laden sites are still common on the web. However, mobile malware is booming and reaching monstrous proportions.

Mobile Trojans Dodging Detection

Naturally, the most lucrative path that a lot of criminals choose is to work on mobile malware focused on stealing banking information. Data exfiltration and surveillance are popular features found in a lot of mobile malware. However, stealing financial credentials from victims offers a much more immediate way to make money for the criminals developing the malware.

The quickest way to get the malicious mobile apps onto victim phones is, understandably, mobile storefronts. While the Google Play Store is doing its best to police and keep the marketplace clean, it's not impossible for malicious apps to spend enough time on the Play Store to accumulate thousands of downloads.

We recently covered the discovery and subsequent takedown of one similar Android app that was available on the Google Play Store. The app in question was posing as a multi-factor authentication tool and did indeed contain proper MFA functionality, alongside the Vultur malware. According to the security researchers who published a report on the app, it successfully dodged the Google Play Store anti-malware filters because it used code belonging to a legitimate MFA project and that allowed it to remain on the store for weeks.

Another method crooks use is to sneak malicious functionality and features in post-launch updates. The original app gains regular approval on the store, but later on, a patch injects malicious capabilities.

Leading Strains of Android Trojans

Out of the 97 thousand mobile banking Trojans discovered in 2021, the leading spots in terms of popularity are held by the strains with the detection names Trojan-Banker.AndroidOS.Agent with over 19%, followed by Trojan-Banker.AndroidOS.Anubis with 14% and Trojan-Banker.AndroidOS.Svpeng with nearly 9% of the total new detections.

The most common demographics targeted by banking trojans in the last year included Japan, several European countries, and Australia.