Zimperium’s 2023 Mobile Banking Heists Report Finds 29 Malware Families Targeted 1,800 Banking Apps Across 61 Countries in the Last Year

Threat landscape shows continued investment by threat actors financially motivated to “follow the money” as banking via a mobile app becomes increasingly ubiquitous

DALLAS, December 14, 2023 - Zimperium, the only mobile-first security platform for mobile devices and mobile apps, today released its annual Mobile Banking Heists Report, which highlights the continued evolution and success of mobile banking trojans around the globe. In particular, the research uncovered that 29 malware families targeted 1,800 banking applications across 61 countries last year. In comparison, last year’s report uncovered 10 prolific malware families targeting 600 banking apps.

Banking trojans continue to evolve and succeed due to their ability to persist, bypass security, and evade detection on mobile devices. As investment from fast-moving threat actors continues to increase, traditional security practices are unable to keep up.

The research also revealed that United States banking institutions remain by far the most targeted by financially motivated threat actors. There were 109 U.S. banks targeted by banking malware in 2023, compared to the next most targeted countries, which were the U.K. (48 banking institutions) and Italy (44). The report also noted that trojans are evolving beyond simple banking apps, targeting cryptocurrency, social media, and messaging apps.

“Mobile banking security is currently in a high-stakes scenario, with numerous threat actors posing substantial risks. This report shows the sophistication, adaptability, and scalability of banking trojans and their widespread impact on mobile applications across the globe,” said Nico Chiaraviglio, Chief Scientist of Zimperium. “We are seeing that they are finding ways to bypass traditional defenses, which is why it is critical that banking and financial organizations employ comprehensive, real-time, on-device mobile security to combat these intelligent adversaries.”

Other key findings highlighting the real threat of mobile banking malware include:

  • Traditional banking applications remain the prime target, with a staggering 1,103 compromised apps, accounting for 61% of the 1,800 targets, while the emerging FinTech and Trading apps make up the remaining 39%.
  • Hook, Godfather, and Teabot are the top banking malware families, measured by the number of banks targeted.
  • The 19 malware families from last year’s report have evolved with new capabilities, and 10 new families have been identified as a threat in 2023.
  • New capabilities observed within banking malware this year include:
    • Automated Transfer System (ATS): A technique that facilitates unauthorized transfers of money.
    • Telephone-based Attack Delivery (TOAD): Involves a follow-up call to gain trust and download more malware.
    • Screen Sharing: Being able to remotely control a victim’s device without having physical access to it.
    • Malware-as-a-Service (MaaS): An online business model offering malware creation tools for rent or sale, facilitating easy execution of cyberattacks.

These findings illustrate a dynamic and expanding mobile threat landscape that necessitates a mobile-first security strategy, one that is comprehensive, autonomous, and relentlessly focused on combating today’s mobile banking trojans. Rather than reacting to threats, organizations must embrace proactive real-time threat visibility and protection as we evolve from a standard-based approach to one that factors in real-world threats.

“By monitoring millions of devices, Zimperium has identified alarming figures highlighting how widespread, global, and successful mobile banking malware can be,” said Jon Paterson, Chief Technology Officer at Zimperium. “Cybercriminals continue to target traditional banking apps and FinTech & Trading apps because of the widespread use of dated app security techniques that are falling short. Zimperium enables global businesses to realize the full potential of mobile-powered businesses with its Mobile-First Security Platform™ that delivers unmatched security across both applications and devices.”

Protecting Apps from Malware

To combat these rising threats, enterprises should:

  • Ensure protection matches threat sophistication: Advanced code protection techniques elevate the security posture to a point where the cost and effort of attacking an application outweighs the potential gains for the attacker.
  • Implement runtime visibility for comprehensive threat monitoring and modeling: Mobile application security leaders must enable runtime visibility across various threat vectors, including device, network, application, and phishing. This real-time insight allows for active identification and reporting of risks, threats, and attacks.
  • Deploy on-device protection for real-time threat response: Mobile application security leaders should prioritize implementing on-device protection mechanisms that enable apps to take immediate actions upon threat detection. This ability to take action should be autonomous, requiring no dependency on network connectivity or back-end server communication.

From growing fraud losses and increased operational costs to decreased consumer trust and brand impact, it’s crystal clear that banking malware is evolving to make mobile banking fraud even more pervasive. A proactive and adaptive security posture is no longer optional but essential. Zimperium’s industry-leading Mobile Application Protection Suite uniquely provides banking institutions with comprehensive device attestation, runtime visibility, advanced application shielding, and protection.


About Zimperium

Zimperium enables companies to realize the full potential of mobile-powered business by activating a Mobile-First Security Strategy. Built for the demands of mobile business, Zimperium’s Mobile-First Security Platform™ delivers unmatched security across both applications and devices. Only Zimperium delivers autonomous mobile security that dynamically adapts to changing environments so companies can capitalize on the new world of mobile-powered opportunities, securely. Zimperium is headquartered in Dallas, Texas and backed by Liberty Strategic Capital and SoftBank. For more information, follow Zimperium on Twitter (@Zimperium) and LinkedIn, or visit www.Zimperium.com.


Lisa Bergamo


(650) 380-9250

Sena McGrand

