Cimperiuma platform dedicated to cybersecurity in the context of mobile devices, has published its annual report regarding telephony and banking services.
The document is a kind of snapshot regarding the trojan banking and the actions of cybercriminali who manage them. As is easy to imagine, the scenario is not the most positive.
In fact, this type of threat seems to evolve from year to year, with hackers constantly managing to find ways to evade the detection systems. Due to their number and aggressiveness, these malicious agents are now more than just a headache for security experts.
In this context, the country most affected are the United States. We talk about good 109 banks Americans targeted by malware in 2023, far more than the second-ranked country (La Great Britain con 48 institutes). In third position is theEuropecon 44 banks affected in the last twelve months.
The families who have been most affected by this sector, data in hand, were Hook, Godfather e Teabotwith a total of approx 1,800 dangerous apps identified only this year.
Banking Trojans in 2023: Europe third most affected country after the USA and the United Kingdom
What worries professionals, however, is above all the new techniques adopted by cybercriminals. Specifically, Zimperium wanted to bring the following strategies and features to the attention of consumers:
- Automated Transfer System (ATS), a technique that facilitates unauthorized money transfers;
- Telephone-based Attack Delivery (TOAD), which involves a follow-up call to gain the potential victim’s trust and push them towards further malware;
- Screen sharing of the victim, with the possibility of almost total control over his actions;
- Malware-as-a-Service (MaaS): an online business model that offers malware tools through subscriptions or sales of the malicious tools.
It must also be taken into account that, when we talk about banking Trojans, we are not just referring to attacks on banking platforms home banking or similar. As highlighted in the report, this type of malware nowadays finds ample room for maneuver even in the context of crypto wallets and with similar services.