Bad behaviour: How to detect banking malware

27 February 2023

Mobile banking users are being manipulated by attackers to authorize fraudulent transactions. Learn what financial service providers can do to render these organized crimes powerless.

A few months ago, the Group-IB Threat Intelligence team detected the activity of a mobile Android trojan – Godfather. We unraveled how a reincarnated Anubis Trojan metastasized to target the users of 400 banks, crypto services, and fintech companies in 16 countries, including the US, France, Spain, Italy, Turkey, Germany, the Netherlands, etc.

Although old malware samples get upgraded and new malware strains appear regularly, they all share similar goals and use similar methods to defraud users, which allow detection without a malware signature. Calling out bad Trojan behavior can help detect fraud attempts more effectively. That’s what we intend to talk about in the blog: what are the indicators that we use to identify new or modified Trojans to stop fraud attempts?

The purpose of the blog is to make customers and businesses aware of how banking malware is leveraged by attackers to steal sensitive financial information and review the tell-tale signs of mistakenly downloading one. Also, we discuss what steps financial institutions can take to assertively defend their customers and improve security...read more!

Ectacom HQ Munich

ectacom GmbH
+49 8102 8952-0
Friedrich-Bergius-Str. 12
D-85662 Hohenbrunn


ectacom Salesoffice
+43 (1) 3619986 12
Am Europlatz 2
A-1120 Wien


ectacom Salesoffice
+48 501 295 580
This email address is being protected from spambots. You need JavaScript enabled to view it.