Mobile Banking Heists On The Rise Worldwide: New Research from Zimperium Illuminates Growing Risk of Trojan Horse Malware

Report identifies 600+ mobile apps for banking, investing, cryptocurrency and more, examining the risk posed by 10 prolific trojan families targeting them

DALLAS – June 2, 2022 – Zimperium, the only mobile security platform purpose-built for enterprise environments, today published new research detailing the increasing risk financial institutions and consumers worldwide face due to Trojan horse malware targeting mobile applications. This new report titled, “Mobile Banking Heists: The Global Economic Threat,” examines more than 600 financial apps, which account for more than 1 billion downloads worldwide, and the degree to which 10 prolific banking trojan families target them. The report provides an audit of who these trojans target, how they’re deployed, how they work, and which countries are most impacted. 

“Not every trojan targeting mobile and banking apps is created equal – they’re disseminated differently, use different exploitation techniques, and vary in other degrees of reach and sophistication,” said Nico Chiaraviglio, VP of Security Research at Zimperium. “We’ve seen ad hoc reports of different banking trojans over the past few years, and anecdotally, people may have recognized that they’re increasing in scope and frequency. But until now, no one has taken a step back to analyze and understand the big picture. That’s exactly what our Zimperium zLabs mobile threat research team has done.”

In addition to a detailed examination of 10 major banking trojan families and the mobile apps they target, the report also chronicles how this threat is increasing. In fact, the malware known as both ExobotCompact.D and Octo was originally discovered in 2017, and is the oldest known banking trojan outlined in this report. The Android / Bianlian Botnet malware is the next oldest banking trojan assessed, and was discovered in 2018. The eight other banking trojans in the report were all discovered since 2020.

Among other key findings:

  • The most targeted mobile banking application is “BBVA Spain | Online Banking” with over 10 million downloads. This one application is targeted by 6 of the 10 reported banking trojans.
  • In the U.S., 121 financial applications are being targeted by banking trojans, accounting for more than 286,753,500 downloads. The U.K. and Italy are the next most-targeted countries with 55 and 43 apps targeted, respectively.
  • The top 3 mobile financial apps targeted by trojans focus on mobile payments and alternative asset investments, like cryptocurrency and gold. These three apps account for over 200,000,000 downloads globally.
  • The most prolific family of banking trojan is Teabot, which is being used to target 410 of the applications listed in the report.

Zimperium’s research team analyzes several hundred thousand applications each day with state-of-the-art machine learning models and other proprietary techniques. The samples covered in this report were collected and classified using this methodology.

To download a copy of Zimperium’s report titled, “Mobile Banking Heists: The Global Economic Threat,” visit

About Zimperium
Zimperium provides the only mobile security platform purpose-built for enterprise environments. With machine learning-based protection and a single platform that secures everything from applications to endpoints, Zimperium is the only solution to provide on-device mobile threat defense to protect growing and evolving mobile environments. Zimperium is headquartered in Dallas, Texas and backed by Warburg Pincus, SoftBank, Samsung, Sierra Ventures and Telstra. For more information, follow Zimperium on Twitter (@Zimperium) and LinkedIn (, or visit

Get started with Zimperium today