Banking Trojan

Since August 2024, BankBot.Remo variants use WebSocket chunked downloads on spoofed Google Play pages to deliver malware as fake payment/identity apps like IdentitasKependudukanDigital.apk; over 100 Alibaba/Gname domains evade filters—monitor WebSockets and block C2 for defense.

ToxicPanda, a sophisticated Android banking trojan, has infected over 4,500 devices in Europe, targeting banking apps to steal credentials. Learn about its techniques and impact.

The Coyote banking Trojan, active since February 2024, is the first malware to exploit the Windows UI Automation framework, targeting banks and crypto exchanges in Brazil. Learn how it operates and the risks involved.

Discover the significant rise in Android malware activity in Q2 2025, including a surge in banking trojans and sophisticated spyware threats. Learn about the latest findings from Dr.Web Security Space and how to protect your device.

Discover how the Anatsa banking trojan infected 90,000 users through a fake PDF app on Google Play. Learn about the tactics used by cybercriminals and how the malware operates to steal banking credentials.

The GodFather banking malware has evolved, utilizing on-device virtualization to hijack legitimate banking and cryptocurrency apps. Discover how this advanced threat operates and its implications for mobile security.

The investigation into the ₹11.55 crore cyber fraud at Himachal Pradesh State Cooperative Bank has led to multiple arrests. Learn about the hacking incident, ongoing investigations, and cybersecurity measures.

A dangerous Android banking malware named TsarBot is spreading rapidly, targeting over 750 banking, finance, cryptocurrency, and e-commerce apps worldwide. It uses fake login screens, phishing sites, and remote control techniques to steal user credentials and execute fraudulent transactions.

A dangerous banking trojan named Anatsa (TeaBot) was found hiding in a File Manager and Document Reader app on Google Play. Before it was removed, the app had over 220,000 downloads and targeted users worldwide. This malware steals banking passwords, bypasses two-factor authentication (2FA), and enables hackers to transfer money from victims' accounts.

New variants of the TrickMo banking trojan can now capture Android unlock patterns and PINs, allowing attackers to access locked devices. By using a deceptive user interface that mimics the actual unlock screen, TrickMo tricks victims into revealing sensitive information. This malware can also steal one-time passwords (OTPs) and execute unauthorized transactions across various applications, reflecting a 29% increase in mobile attacks, particularly targeting users in India.