Global mobile banking malware campaign targeting 1243 financial brands
Campaign
Summary
Hide ▲
Show ▼
The global mobile banking malware campaign is expanding against 1243 financial brands across 90 countries, shifting fraud onto user devices and weakening traditional bank-side controls. It relies on 34 active malware families and has pushed online fraud higher as attackers intercept sessions, authentication codes, and legitimate app behavior. TsarBot, CopyBara, and Hook account for more than 60% of banking and fintech app targeting. The move makes mobile banking fraud harder to distinguish from normal customer activity and raises losses across the sector.
Related Happenings
Rokarolla Android banking trojan activity
Malware Activity
H score26
First: 16.06.2026 16:15
Last: 16.06.2026 16:15
Sources 1
About this happening:
The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...
Rokarolla Android banking trojan activity
Malware ActivityAbout this happening: The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...
Premium Deception Android malware campaign
Campaign
H score38
First: 20.05.2026 18:30
Last: 20.05.2026 18:30
Sources 1
About this happening:
The **Premium Deception** campaign used **nearly 250 fake Android apps** to enroll victims in premium mobile billing subscriptions, creating direct fraud risk across multiple coun...
Premium Deception Android malware campaign
CampaignAbout this happening: The **Premium Deception** campaign used **nearly 250 fake Android apps** to enroll victims in premium mobile billing subscriptions, creating direct fraud risk across multiple coun...
BeatBanker Android phishing campaign targeting Brazilian users
Campaign
H score82
First: 12.03.2026 09:56
Last: 12.03.2026 09:56
Sources 1
About this happening:
A **BeatBanker** Android phishing campaign is targeting **Brazilian users**, creating a risk of device compromise and payment theft. The lure uses **Google Play Store** lookalike...
BeatBanker Android phishing campaign targeting Brazilian users
CampaignAbout this happening: A **BeatBanker** Android phishing campaign is targeting **Brazilian users**, creating a risk of device compromise and payment theft. The lure uses **Google Play Store** lookalike...
BeatBanker Android malware activity
Malware Activity
H score26
First: 10.03.2026 23:27
Last: 10.03.2026 23:27
Sources 1
About this happening:
The **BeatBanker** Android malware is actively **hijacking devices** by posing as a **Starlink app**, creating risk of credential theft, illicit mining, and remote device control....
BeatBanker Android malware activity
Malware ActivityAbout this happening: The **BeatBanker** Android malware is actively **hijacking devices** by posing as a **Starlink app**, creating risk of credential theft, illicit mining, and remote device control....
BankBot-YNRK and DeliveryRAT Android trojans
Malware Activity
H score18
First: 03.11.2025 13:14
Last: 03.11.2025 13:14
Sources 1
About this happening:
Researchers uncovered **BankBot-YNRK** and **DeliveryRAT** Android trojans that steal **sensitive data** from compromised devices, increasing risk for mobile banking and payment u...
BankBot-YNRK and DeliveryRAT Android trojans
Malware ActivityAbout this happening: Researchers uncovered **BankBot-YNRK** and **DeliveryRAT** Android trojans that steal **sensitive data** from compromised devices, increasing risk for mobile banking and payment u...
Timeline
-
19.03.2026 16:30 2 articles · 3mo ago
Global mobile banking malware campaign disclosed
Initial DisclosureZimperium zLabs says a global mobile banking malware campaign is targeting 1243 financial brands across 90 countries, with 34 active malware families affecting apps downloaded more than three billion times. The activity increasingly originates on user devices, where malware can intercept authentication codes, monitor live sessions, mimic legitimate app behavior, and use techniques such as blackout modes to hide transactions while TsarBot, CopyBara and Hook account for more than 60% of banking and fintech app targeting.
Show sources
- Financial Brands Targeted in Global Mobile Banking Malware Surge — www.infosecurity-magazine.com — 19.03.2026 16:30
- Financial Brands Targeted in Global Mobile Banking Malware Surge — www.infosecurity-magazine.com — 19.03.2026 16:30