Most of us use financial apps on our Android devices. Cybercriminals aren’t ignorant of this. Year after year, more malicious and sophisticated Android Banking Trojans infect untold victims, leaving a wake of unseen financial destruction that ripples across families, friends, and loved ones.

What Is an Android Banking Trojan?

A banking Trojan is malware created to steal your online financial credentials. Once installed on a host device, it reports the victim’s financial information back to the party responsible for the infection.

Android banking Trojans tend to evolve and gain new features. For example, an Android banking Trojan originally used to capture financial credentials may later gain the ability to give criminals remote backdoor access, capture key presses, and perform other nasty actions that can wreck the victim’s life.

BRATA (Brazilian RAT Android) is a perfect example. ZDNET reported in January 2022 that BRATA was initially created as spyware but evolved into a banking Trojan capable of accessing two-factor authentication (2FA) codes sent by a bank. BRATA uses that information to get into the victim’s bank account, literally commits wire fraud, and immediately factory resets the device to hide evidence of the crime.

How Do Banking Trojans Spread on Android?

The methods a banking Trojan uses to spread to Android devices include, but are not limited to:

  1. SMS messages.
  2. Emails.
  3. Malicious links.
  4. Compromised apps.
  5. Malicious ads in search results.
  6. Pop-ups on less than reputable sites.

Once a host device is infected, the banking Trojan may use the victim’s contact list to find new hosts to spread to.

How to Avoid Android Banking Trojans

Need a place to start? Set up 2FA on essential accounts like your email, Google, and financial accounts. Set up 2FA via an authenticator app like Google Authenticator rather than via text message. But if your financial institution uses 2FA via SMS, it’s better than nothing, so go ahead and activate it.

If you want to sideload an Android app, be sure that you are downloading the APK file from a reputable source: only use sites with safe Android APK downloads. Do your due diligence—not the “due diligence” of an anonymous poster on a forum or subreddit who claims to have done theirs.

This advice also applies to links. If you receive an SMS or email from a stranger with a link, don’t open it. If you receive a similar message from someone you know, but it’s written in a manner that’s uncharacteristic of them, confirm they actually sent it via another method. They may have Android malware on their device, and it’s messaging everyone in their contact list, as mentioned earlier.

This also goes for the businesses and services you use every day. Don’t engage with messages or calls that seem suspicious and uncharacteristic. Instead, call their official toll-free number (though use email if it’s your only option). Ask about the message you received. If it’s legitimate, they’ll tell you.

And the same goes for the apps you use. If a financial app (or any app, really) asks you to enter your financial information, but the service looks irregular, reach out to the app’s customer service department and confirm they need the information and why.

What to Do if Your Device Is Infected With an Android Banking Trojan

If you become the latest victim to get an Android banking Trojan on your Android device—via a phishing scam, downloading a malicious file, or otherwise—don't panic. Be proactive and fix the situation rather than beating yourself up about it.

Start by locking down your finances. That means canceling and replacing your debit and credit cards immediately. Change your account numbers, too. Then fill out the required information to dispute the unauthorized transactions that clued you in to the Android malware infection in the first place.

We also suggest that you:

  • Freeze your credit.
  • Change all your passwords.
  • Use a password manager to save newly changed login credentials.
  • Set up 2FA via an authentication app for all applicable accounts.
  • Sign out of all accounts, like Gmail.
  • Call your phone carrier and ask about activating SIM swap protection.
  • Sign up for an identity theft protection and monitoring service.

Android Banking Trojans Can Wreck Your Life

If you woke up one morning and noticed your bank account was empty, would you know what to do next? If you have any doubts, use our advice and create a plan of action for yourself. Anyone can fall victim to a phishing or identity scam. How you handle it is what's most important.