Financial Brands Targeted in Global Mobile Banking Malware Surge
Financial Brands Targeted in Global Mobile Banking Malware Surge
https://www.infosecurity-magazine.com/news/financial-brands-mobile-banking/
Publish Date: 2026-03-19 10:30:00
Source Domain: www.infosecurity-magazine.com
A global surge in mobile banking malware targeting 1243 financial brands across 90 countries is reshaping the fraud landscape, with attacks now originating primarily on user devices, according to Zimperium zLabs.
Zimperium’s latest report examined 34 active malware families affecting apps with more than three billion downloads, revealing what analysts describe as industrialised, large-scale campaigns.
These operations are reportedly evolving faster than traditional banking defences, driven by widespread code sharing and low barriers to entry for attackers.
Devices as Primary Battleground
Mobile banking is now the dominant channel for consumers, Zimperium said, with 54% relying on apps to manage accounts. As usage has increased, so has exposure to risk.
The report highlights a sharp rise in malicious activity, including a 56% increase in Android banking trojan attacks in 2025 and a 271% jump in unique malware packages to 255,090. Online fraud rose 21% between 2024 and 2025, while one in 20 verification attempts is now considered fraudulent. Overall, 80% of fraud occurs through online or mobile platforms.
“Mobile banking applications are absolutely a prime target,” Boris Cipot, senior security engineer at Black Duck, commented. “As the research shows, more than 1200 financial apps are currently under active attack, and malware-driven fraud has increased 67% year over year.”
Attackers are exploiting weak points in mobile applications. More than 60% of banking apps lack basic code protection, allowing criminals to reverse engineer systems and tailor attacks before targeting users.
Malware Capabilities Outpace Traditional Defences
Modern malware has progressed beyond credential theft, Zimperium warned, enabling attackers to control devices and operate within legitimate banking sessions. As a result, fraudulent activity often appears indistinguishable from normal user behaviour.
Read more on mobile banking fraud: GodFather Malware Upgraded to Hijack…
