These apps with 1B+ downloads on Google Play Store are hot targets for cybercriminals
Some seemingly harmless productivity and gaming apps that are available on the Google Play store were created just to steal your banking credentials, per a new report from BleepingComputer which is based on findings from a Zimperium study.
Hidden within these apps are mobile banking trojans that swing into action when you launch a legitimate banking or financial app. They deceive users by displaying a fake login page over the authentic one to capture account credentials. The malware also monitors notifications to intercept one-time passwords (OTPs) and can abuse Accessibility services to carry out on-device financial fraud.
The top ten most malicious trojans target as many as 639 financial apps, which together have been downloaded over a billion times. Users in the US are the most at risk, not just because three out of four banking customers in the country use an app to conduct their daily transactions, but also because 121 of the apps are meant for American users. Next is the UK with 55 apps, followed by Italy with 43, Turkey with 34, Australia with 33, and France with 31.
The most-downloaded targeted application is PhonePe, a payment app immensely popular in India. It has been downloaded 100 million times from Google Play. Cryptocurrency exchange app Binance, which has been downloaded 50 million times, and the US and UK-based mobile payment service Cash App, which has also been installed 50 million times, are also targeted by many banking trojans.
The most widely targeted app is the global online banking platform BBVA, which has tens of millions of downloads. Seven out of the ten most prolific banking malware families are known to target this app.
Most of these apps are targeted by a trojan called Teabot, which covers 410 out of the 639 apps tracked. Exobot comes second, affecting 324 apps.
Other trojans that were quite active during the first quarter of 2021 include:
- BianLian which targets Binance, BBVA, and many Turkish apps.
- Cabassous which is after Barclays, CommBank, Halifax, Lloyds, and Santander customers.
- Coper which may take over BBVA, CaixaBank, CommBank, and Santander accounts.
- EventBot which targets Barclays, Intesa, BancoPosta, and a host of Italian apps. This one disguises itself as Microsoft Word or Adobe Flash.
- The aforementioned Exobot which may affect PayPal, Binance, Cash App, Barclays, BBVA, and CaixaBank.
- FluBot which impacted BBVA, Caixa, Santander, and various Spanish apps.
- Medusa which targeted BBVA, CaixaBank, Ziraat, and Turkish banking apps.
- Sharkbot which affected Binance, BBVA, and Coinbase.
- Teabot which targets PhonePe, Binance, Barclays, Crypto.com, Postepay, Bank of America, Capital One, Citi Mobile, and Coinbase.
- Xenomorph which targets BBVA and many EU-specific bank apps.
Each of these trojans maintains a narrow target scope, and they offer different kinds of functionality for different purposes.
Since these trojans are hidden within apps that are available on Android's official app store, you need to be on guard and avoid apps that come from untrusted sources.