Researchers have detected almost 100,000 new variants of mobile banking Trojans over the past year, as many malware developers have shifted their focus to the creation of mobile threats. Many of the infection routes of these trojans are still workable, such as phishing and the download execution of suspicious software, however, cyberattacker are now focusing more in official app stores to lure victims into downloading seemingly trustworthy software. While Google has security barriers in place to prevent malicious apps from making it into its store, the methods don’t always work when developers use anti-detection software or hide the malicious code.
In 2021, Malwarebytes discovered an app in Google Play that was disguised as a barcode scanner with over 10 million active installations. Although the app was submitted as legitimate software, an update was issued to the software after accumulating a huge user base, which subsequently turned the app into aggressive adware. The same tactic has been used to turn seemingly innocent apps into banking Trojans that can steal financial data and account credentials from online services.
Read More: Almost 100,000 new mobile banking Trojan strains detected in 2021