Surge in Android malware targeting banking: 200,000 UK victims likely hit in six-month spike
29 July 2025
- International crime groups at heart of mobile attacks
- Malicious apps now mimic trusted tools to steal banking details, experts warn
- 5 tips to help consumers protect themselves from growing scam
Cybercriminals are ramping up attacks on UK consumers, with advanced Android malware campaigns putting over 200,000 potential victims at risk of fraud in just six months. At least 12 active groups are behind the surge, targeting more than 40 banks in over 7,600 mobile malware frauds, according to cybersecurity firm ThreatFabric.
In response, the Cyber Defence Alliance (CDA), UK Finance, Cifas, and ThreatFabric have come together to warn consumers about the alarming rise in mobile banking malware threatening Android users, who are significantly more likely to be targeted – although other mobile platforms are not immune.
How the malware works
These malicious apps often look like legitimate tools – such as file managers, PDF readers, phone cleaners, or even browsers like Google Chrome. Once installed, they can appear harmless but later activate harmful features through hidden updates.
Key techniques criminals use include:
- Overlaying fake login screens on top of real banking apps to steal login credentials.
- Displaying deceptive ‘busy’ or ‘waiting’ screens to mask fraudulent activity.
- Preventing users from exiting the app or restarting their device.
- Requesting excessive permissions, especially ‘accessibility’ access.
Consumers are advised to be vigilant particularly when:
- Prompted to reauthenticate during a banking session.
- Encountering unresponsive banking apps showing ‘busy’ messages.
- Installing generic-looking apps like file managers or phone cleaners.
- Receiving unexpected prompts to install or update Chrome.
- Being asked to grant unusual permissions, particularly accessibility access.
Han Sahin, CEO of ThreatFabric, commented: ‘As mobile banking becomes universal, criminals have shifted their focus to this space, leading to an exponential increase in malware attacks. They exploit users’ trust in their devices and app stores. The impact on victims can be devastating.
‘Just as we’ve learned to be cautious with links, we now need the same vigilance when installing apps. This is the logical next step in staying safe, and public awareness is crucial.’
Garry Lilburn, Operations Director at CDA, commented: ‘This crime highlights the growing prevalence and sophistication of mobile malware.
‘As we work to better understand and disrupt this evolving threat, it’s crucial that financial consumers stay vigilant, follow recommended security tips, and take a moment to verify what’s in front of them – before becoming the next victim of this highly targeted fraud.’
Dianne Doodnath, Principal of Economic Crime at UK Finance, said: ‘We encourage customers to stay alert to all threats of fraud, including the potential for criminals to trick people into downloading malware onto phones which could put your personal and finance information at risk of theft.
‘It’s important that you keep your phone security system up to date and always download from trusted sources to ensure you’re protected from the risk of fraud and data harvesting.’
Mike Haley, CEO of Cifas, added: ‘The surge in Android malware is not just a tech issue – it’s a growing threat to consumers and to banking services we all rely on. Criminals are evolving their tactics faster than ever, using deception and stealth to bypass traditional security measures.
‘The best defence is awareness. If something feels off – an unexpected update, a strange app request – stop before you tap and always seek a second opinion. Education and vigilance are our frontline tools in the fight against fraud.’
5 top tips to help keep consumers safe
- Only download apps from trusted sources like the Google Play Store.
- Check app reviews and developer information before installing.
- Keep your device’s operating system and apps up to date.
- Report suspicious apps or activity to your bank immediately.
- Be wary of apps requesting unnecessary permissions.
For more information about how to recover an infected device, visit the National Cyber Security Centre’s advice page. For further resources on how to protect yourself, visit the Government’s Stop! Think Fraud website.
ENDS
Notes to Editors
For more information, please contact press@cifas.org.uk.
About ThreatFabric
ThreatFabric is a Mobile Threat Intelligence and Online Fraud Detection company that delivers data-driven, AI-powered solutions to help safeguard businesses and their customers. The company’s Threat Intelligence and SDK-based platform are designed to address challenges such as malware-assisted fraud, APP fraud, scams, impersonation fraud, account takeover, and information theft.
ThreatFabric focuses on protecting online customer journeys by providing alerts before transaction signing. This approach helps maintain brand reputation and fosters loyalty, confidence, and trust among clients.
About Cyber Defence Alliance
The Cyber Defence Alliance (CDA) is a not-for-profit organisation. It performs a coordinating role, supporting banking members in preventing cyber-attacks, supporting law enforcement (LE) action against cybercriminal networks both collaboratively and proactively, and helping members prepare to counter emerging fraud and cyber threats.
About UK Finance
UK Finance is the collective voice for the banking and finance industry. Representing more than 300 firms across the industry, we act to enhance competitiveness, support customers and facilitate innovation.
Led by UK Finance, Take Five to Stop Fraud is a national campaign that offers straightforward and impartial advice to help everyone protect themselves from financial fraud.
About Cifas
Cifas is the UK’s leading not-for-profit fraud prevention service with nearly 800 members from across key economic sectors including banking, retail, insurance, and telecoms. Cifas protects businesses and individuals from fraud through the sharing of data and intelligence between the private, public and third sectors.
In addition to providing products and services which help businesses prevent more than £2.1bn in fraud losses each year, Cifas delivers specialist training through its Cifas Fraud and Cyber Academy and Digital Learning programme.
Posted by: Cifas Press Team