Skip to main content

Latest Mobile Malware Report Suggests On-Device Fraud is on the Rise.




An analysis of the mobile threat landscape in 2022 shows that Spain and Turkey are the most targeted countries for malware campaigns, even as a mix of new and existing banking trojans are increasingly targeting Android devices to conduct on-device fraud (ODF).


Other frequently targeted countries include Poland, Australia, the U.S., Germany, the U.K., Italy, France, and Portugal.


"The most worrying leitmotif is the increasing attention to On-Device Fraud (ODF)," Dutch cybersecurity company ThreatFabric said in a report shared with The Hacker News.


"Just in the first five months of 2022 there has been an increase of more than 40% in malware families that abuse Android OS to perform fraud using the device itself, making it almost impossible to detect them using traditional fraud scoring engines."



Hydra, FluBot (aka Cabassous), Cerberus, Octo, and ERMAC accounted for the most active banking trojans based on the number of samples observed during the same period.




Accompanying this trend is the continued discovery of new dropper apps on Google Play Store that come under the guise of seemingly innocuous productivity and utility applications to distribute the malware -


Nano Cleaner (com.casualplay.leadbro)

QuickScan (com.zynksoftware.docuscanapp)

Chrome (com.talkleadihr)

Play Store (com.girltold85)

Pocket Screencaster (com.cutthousandjs)

Chrome (com.biyitunixiko.populolo)

Chrome (Mobile com.xifoforezuma.kebo)

BAWAG PSK Security (com.qjlpfydjb.bpycogkzm)

What's more, on-device fraud — which refers to a stealthy method of initiating bogus transactions from victims' devices — has made it feasible to use previously stolen credentials to login to banking applications and carry out financial transactions.


To make matters worse, the banking trojans have also been observed constantly updating their capabilities, with Octo devising an improved method to steal credentials from overlay screens even before they are submitted.




"This is done in order to be able to get the credentials even if [the] victim suspected something and closed the overlay without actually pressing the fake 'login' present in the overlay page," the researchers explained.


ERMAC, which emerged last September, has received noticeable upgrades of its own that allow it to siphon seed phrases from different cryptocurrency wallet apps in an automated fashion by taking advantage of Android's Accessibility Service.



Accessibility Service has been Android's Achilles' heel in recent years, allowing threat actors to leverage the legitimate API to serve unsuspecting users with fake overlay screens and capture sensitive information.


Last year, Google attempted to tackle the problem by ensuring that "only services that are designed to help people with disabilities access their device or otherwise overcome challenges stemming from their disabilities are eligible to declare that they are accessibility tools."




But the tech giant is going a step further in Android 13, which is currently in beta, by restricting API access for apps that the user has sideloaded from outside of an app store, effectively making it harder for potentially harmful apps to misuse the service.


That said, ThreatFabric noted it was able to bypass these restrictions trivially by means of a tweaked installation process, suggesting the need for a more stricter approach to counteract such threats.


It's recommended that users stick to downloading apps from the Google Play Store, avoid granting unusual permissions to apps that have no purpose asking for them (e.g., a calculator app asking to access contact lists), and watch out for any phishing attempts aimed at installing rogue apps.


"The openness of Android OS serves both good and bad as malware continues to abuse the legitimate features, whilst upcoming restrictions seem to hardly interfere with the malicious intentions of such apps," the researchers said.


#THN


#osutayusuf

Comments

Popular posts from this blog

Lab Student Drowned, Body Missing in Rokoze Lake in Nyadri Sub-county, Maracha District.

Maracha District.  5-December-2025. 📸: Residents gathered around the lake as they searched the missing body of the student. Photo by #Information_is_Power's news reporter.  This afternoon Friday 5-December-2025, a student from St Joseph Laboratory Training School in Maracha hospital, a one  Araku Denis drowned in Rokoze water body in Nyadri Sub-county and the  body has not been retrieved upto this night as the police and residents searched for it and in vain but they are expected to resume retrieving it tomorrow Saturday 6-December-2025. 📸: Photo of the deceased which we captured on his phone screen this night. Araku and his fellow students had  reportedly gone to pass time at water point after completing exams papers of today. Him and callagues got attracted to swimming at water body where he perished.  By press time, efforts to retrieve his body proved futile as the body remains invisible on water surface.  Rokoze water body...

Hon Oguzu Lee Denis Drags to Court, Maracha Constituency MP-Elect Uhuru Nelson and Electoral Commission.

Story by Osuta Yusuf.  Maracha District 6-April-2026. Following the 15-1-2026 general election, the two term MP for Maracha Constituency, Hon Oguzu Lee Denis has dragged to court the Winner for Maracha Constituency MP election, Uhuru Nelson as the first respondent and Election Commission as the second respondent.  📸: Copy of the court document shared in NEWS PLATFORM, one of the WhatsApp groups in WestNile region. In a document dated 1-April-2026 filed at Arua High Court, it's not yet clear which grounds the petitioner, Hon Oguzu Lee Denis has used to challenge the victory of the NRM Party candidate Uhuru Nelson.  It should be noted that, the NRM Party candidate Uhuru Nelson was declared the winner of the 15-1-2026 general election after he garnered 13,696 votes, followed by Independent candidate Obeta Moses Drakua who garnered 9,247 votes, the incumbent MP Hon Oguzu Lee Denis (FDC) fell in the third position after he got 3,290 votes, Eng. Aguta Sam (Independent) got 686...

Famous Arua City TikToker Arrested on Allegations of Lesbianism Act.

Arua City. 20-2-2026. A famous TikToker from Arua City, WestNile region, in the names of Torrero Bae was arrested on Wednesday 18-2-2026 and taken to Onduparaka Police Station on Allegations of engaging in Lesbianism acts with another girl. Story excerpts from the Facebook account of Kawawa Michael.  📸: Part of the screenshot  📸: Screenshot from Facebook.  I have spoken to a reliable source from Onduparaka Div police HQS  As concerns the case of these girls  It's true they have confessed to being lesbians and the whole of their dancing group is involved  She comes from a good family and the mother is a teacher by profession I will hide her names  It's alleged that she started her lesbiansim from school that is why she ran away from the mother that is according to her mother who was present at Onduparaka today  Police is trying to apprehend the whole group then make a decision on the file at the moment other...