Find notable cyber news and cases, enriched with sources, timelines, and signals.

Global mobile banking malware campaign targeting 1243 financial brands

Campaign
First reported
Last updated
Happening score
H score 47
1 unique sources, 1 articles

Summary

Hide ▲

The global mobile banking malware campaign is expanding against 1243 financial brands across 90 countries, shifting fraud onto user devices and weakening traditional bank-side controls. It relies on 34 active malware families and has pushed online fraud higher as attackers intercept sessions, authentication codes, and legitimate app behavior. TsarBot, CopyBara, and Hook account for more than 60% of banking and fintech app targeting. The move makes mobile banking fraud harder to distinguish from normal customer activity and raises losses across the sector.

Related Happenings

Rokarolla Android banking trojan activity

Malware Activity
H score26 First: 16.06.2026 16:15 Last: 16.06.2026 16:15 Sources 1

About this happening: The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...

Premium Deception Android malware campaign

Campaign
H score38 First: 20.05.2026 18:30 Last: 20.05.2026 18:30 Sources 1

About this happening: The **Premium Deception** campaign used **nearly 250 fake Android apps** to enroll victims in premium mobile billing subscriptions, creating direct fraud risk across multiple coun...

BeatBanker Android phishing campaign targeting Brazilian users

Campaign
H score82 First: 12.03.2026 09:56 Last: 12.03.2026 09:56 Sources 1

About this happening: A **BeatBanker** Android phishing campaign is targeting **Brazilian users**, creating a risk of device compromise and payment theft. The lure uses **Google Play Store** lookalike...

BeatBanker Android malware activity

Malware Activity
H score26 First: 10.03.2026 23:27 Last: 10.03.2026 23:27 Sources 1

About this happening: The **BeatBanker** Android malware is actively **hijacking devices** by posing as a **Starlink app**, creating risk of credential theft, illicit mining, and remote device control....

BankBot-YNRK and DeliveryRAT Android trojans

Malware Activity
H score18 First: 03.11.2025 13:14 Last: 03.11.2025 13:14 Sources 1

About this happening: Researchers uncovered **BankBot-YNRK** and **DeliveryRAT** Android trojans that steal **sensitive data** from compromised devices, increasing risk for mobile banking and payment u...

Timeline

  1. 19.03.2026 16:30 2 articles · 3mo ago

    Global mobile banking malware campaign disclosed

    Initial Disclosure

    Zimperium zLabs says a global mobile banking malware campaign is targeting 1243 financial brands across 90 countries, with 34 active malware families affecting apps downloaded more than three billion times. The activity increasingly originates on user devices, where malware can intercept authentication codes, monitor live sessions, mimic legitimate app behavior, and use techniques such as blackout modes to hide transactions while TsarBot, CopyBara and Hook account for more than 60% of banking and fintech app targeting.

    Show sources