Zimperium: Mobile Banking Attacks Skyrocket in 2023

The number of malware families targeting banking apps has nearly tripled with U.S. banking institutions by far the most targeted.

That’s according to Zimperium’s annual Mobile Banking Heists Report, which highlights the continued evolution and success of mobile banking trojans around the globe. Twenty-nine malware families targeted 1,800 banking applications across 61 countries in the last year. In comparison, last year's report uncovered 10 prolific malware families targeting 600 banking apps.

Banking trojans continue to evolve and succeed due to their ability to persist, bypass security and evade detection on mobile devices. As investment from fast-moving threat actors continues to increase, traditional security practices are unable to keep up.

Zimperium's Krishna Vishnubhotla

Krishna Vishnubhotla, Zimperium’s vice president of product strategy, said cybercriminals are succeeding in their attacks on banking apps.

“These cybercriminals are very financially motivated, targeting highly confidential and sensitive data, including banking credentials, in order to steal money,” he said. “Attackers are just following the money. And mobile banking apps are becoming the digital channel for consumers across all age groups. Consumers want access to their funds at their fingertips. We want to be able to bank, purchase and manage our financial lives from everywhere besides a physical bank. The reality is that convenience often trumps security, and cybercriminals know that the ease of mobile banking opens up the door for them to attack.”

Countries Most Targeted by Malware Families

There were 109 U.S. banks targeted by banking malware in 2023, compared to the next most targeted countries which were the United Kingdom. (48 banking institutions) and Italy (44). The report also noted that trojans are evolving beyond simple banking apps, targeting cryptocurrency, social media and messaging apps.

Other key findings from Ziperium’s report include:

New Banking Malware Capabilities

New capabilities observed within banking malware this year include:

“There are several factors into why organizations are falling behind in protecting their customers’ sensitive information,” Vishnubhotla said. “One, there is a lack of awareness across the board about how dynamic, sophisticated and surgical banking malware has become. There are also misconceptions that server-side security is sufficient. But that's not true, as this is also a client-side threat. And, lastly, for many organizations it’s just not a top priority yet due to budgets and other organizational initiatives.”

In 2024, Zimperium expects malware to more widely adopt a growing number of worrisome techniques like ransomware and others that enable frictionless fraud and theft, he said.

“We also expect new malware families to emerge, since the barrier for entry has been significantly lowered with malware code sharing and MaaS offerings,” Vishnubhotla said.