Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Global mobile banking malware campaign targeting 1243 financial brands

Campaign
First reported
Last updated
Happening score
H score 46
1 unique sources, 1 articles

Summary

Hide ▲

The global mobile banking malware campaign is expanding against 1243 financial brands across 90 countries, shifting fraud onto user devices and weakening traditional bank-side controls. It relies on 34 active malware families and has pushed online fraud higher as attackers intercept sessions, authentication codes, and legitimate app behavior. TsarBot, CopyBara, and Hook account for more than 60% of banking and fintech app targeting. The move makes mobile banking fraud harder to distinguish from normal customer activity and raises losses across the sector.

Related Happenings

Premium Deception Android malware campaign

Campaign
First: 20.05.2026 18:30 Last: 20.05.2026 18:30 Sources 1

About this happening: The **Premium Deception** campaign used **nearly 250 fake Android apps** to enroll victims in premium mobile billing subscriptions, creating direct fraud risk across multiple coun...

Open Happening

BeatBanker Android phishing campaign targeting Brazilian users

Campaign
First: 12.03.2026 09:56 Last: 12.03.2026 09:56 Sources 1

About this happening: A **BeatBanker** Android phishing campaign is targeting **Brazilian users**, creating a risk of device compromise and payment theft. The lure uses **Google Play Store** lookalike...

Open Happening

BeatBanker Android malware activity

Malware Activity
First: 10.03.2026 23:27 Last: 10.03.2026 23:27 Sources 1

About this happening: The **BeatBanker** Android malware is actively **hijacking devices** by posing as a **Starlink app**, creating risk of credential theft, illicit mining, and remote device control....

Open Happening

BankBot-YNRK and DeliveryRAT Android trojans

Malware Activity
First: 03.11.2025 13:14 Last: 03.11.2025 13:14 Sources 1

About this happening: Researchers uncovered **BankBot-YNRK** and **DeliveryRAT** Android trojans that steal **sensitive data** from compromised devices, increasing risk for mobile banking and payment u...

Open Happening

Klopatra Android banking Trojan account-draining activity

Malware Activity
First: 30.09.2025 23:28 Last: 30.09.2025 23:28 Sources 1

About this happening: The **Klopatra** Android banking Trojan is actively stealing credentials and draining bank accounts, creating covert fraud risk for **more than 3,000 infected devices** in **Italy...

Open Happening

Timeline

  1. 19.03.2026 16:30 2 articles · 2mo ago

    Global mobile banking malware campaign disclosed

    Initial Disclosure

    Zimperium zLabs says a global mobile banking malware campaign is targeting 1243 financial brands across 90 countries, with 34 active malware families affecting apps downloaded more than three billion times. The activity increasingly originates on user devices, where malware can intercept authentication codes, monitor live sessions, mimic legitimate app behavior, and use techniques such as blackout modes to hide transactions while TsarBot, CopyBara and Hook account for more than 60% of banking and fintech app targeting.

    Show sources
    Open in new tab