Zimperium, Inc.
Zimperium releases 2023 mobile banking theft damage report
29 malware families found targeting 1,800 mobile banking apps in 61 countries ……
Financially motivated criminals see an opportunity when consumers are more active in mobile banking.
The fact that funds are continuously being invested to improve technology is revealed
December 18, 2024 From Dallas, Texas, USA
Zimperium, the only mobile-first security platform for mobile devices and mobile apps, continuously monitors mobile banking Trojans around the world and publishes the 2023 Mobile Banking Trojans, highlighting their evolution and damage. Banking Theft Damage Report (Japanese version https://get.zimperium.com/mobile-banking-heists-2024-jp/
This report reveals that mobile banking Trojans (banking Trojans) continue to evolve around the world to achieve their goal of stealing money. Last year’s report targeted 10 malware families and 600 banking applications.
[Image
Banking Trojans have evolved to lurk in mobile devices, become resistant to security measures, and have the ability to evade detection. Threats have evolved significantly due to attacker funding, and traditional security measures are no longer able to combat them. The report also found that U.S. banks remain the most targeted by financially motivated criminals. In 2023, banking app malware targeted 109 US banks, followed by the UK (48 banks) and Italy (44 banks). They also point out that Trojans have expanded beyond simple banking apps to include cryptocurrencies, social media, and messaging apps. “Mobile banking security is currently under severe pressure, with significant risks posed by a number of threat factors. shows widespread impact on mobile applications,” said Nico Chiaraviglio, Principal Scientist at Zimperium. “Trojans know how to bypass traditional countermeasures. To combat these intelligent adversaries, banks and financial institutions need comprehensive, real-time, on-device and mobile security. It is extremely important to employ Highlights of findings highlighting the true threat of malware targeting mobile banking:
● Legacy banking apps remain a prime target. Of the 1,800 targeted apps, 1,103 were compromised, accounting for 61% of the targets. FinTech and trading apps account for the remaining 39%.
● Hook, Godfather, and Teabot are the top banking malware among targeted banks. ● The 19 malware families reported in last year’s report are evolving with new features, and 10 new malware families were confirmed in 2023. New features observed in banking malware this year include:
● Automatic Transfer System (ATS): A technology that fraudulently transfers funds from a victim’s account without warning.
● Support fraud attack (TOAD): A technique in which an attacker impersonates a call center support representative, gains the trust of the victim, and then tricks the victim into downloading malware. ● Screen sharing abuse: A method that allows remote control of a victim’s device without physically accessing it.
● Malware as a Service (MaaS): An online business model that rents or sells malware creation tools.
These findings underscore the need for a comprehensive, autonomous, constantly monitored, mobile-first security strategy to combat today’s mobile banking Trojans, and the dynamic expansion of mobile Indicates a threat situation. Organizations need to embrace proactive, real-time threat visibility and protection, instead of reacting to threats as they occur, transforming from a cookie-cutter approach to one that considers real-world threats. there is.
Jon Paterson, Zimperium’s Chief Technology Officer, said: “Zimperium has uncovered the success of mobile banking malware attacks around the world by monitoring millions of devices. Cybercriminals are using traditional banking apps as well as emerging FinTech and trading apps Zimperium leverages its Mobile-First Security Platform(TM) strategy to deliver unparalleled security for both apps and devices. We advocate and enable global enterprises to realize the full potential of mobile business.”
Best practices to combat the growing malware threat:
● Match protection to threat sophistication: Advanced code protection techniques improve security because attackers determine that the cost and effort of attacking an application is not worth the expected benefit.
● Runtime visibility for comprehensive threat monitoring and modeling: Mobile application security leaders need runtime visibility across a variety of threat sources, including devices, networks, applications, and phishing. need to be realized. Insights viewed in real-time enable proactive identification and reporting of risks, threats, and attacks. ● Implement protections that respond to threats in real time on the device: Mobile application security leaders should prioritize implementing protection mechanisms on the device that allow apps to respond immediately when a threat is detected. . This action is performed autonomously and does not rely on network connectivity or communication with backend servers.
As banking malware evolves due to increased fraud exposure, increased operational costs, and decreased consumer trust and brand impact, it is clear that mobile banking fraud will become more prevalent. Implementing proactive and adaptive security is now a must.
Zimperium’s industry-leading mobile application protection suite provides banking institutions with comprehensive device
authentication, runtime visibility, advanced application shielding, and protection.
To learn more about how a mobile-first security strategy is essential to protecting today’s financial institutions, check out the Japanese version of the Mobile Banking Theft Report
(https://get.zimperium.com/mobile -banking-heists-2024-jp/) to view the full survey results. To learn more about Zimperium’s mobile-first security platform, click here (https://www.zimperium.com/).
About Zimperium
Zimperium’s mobile-first security strategy enables enterprises to realize the full potential of mobile business. Zimperium’s
Mobile-First Security Platform(TM) provides unparalleled security for both applications and devices in mobile businesses. Zimperium, the only company that provides autonomous mobile security that proactively adapts to changing environments, empowers enterprises to securely enable new business with mobile. Zimperium is headquartered in Dallas, Texas and backed by Liberty Strategic Capital and SoftBank.