2020 Banking Malware Report

Share this post

2020 has been a year marked by a virus, not one of the ones we usually talk about, but a biological one. COVID-19 monopolized people’s attention the past year, including among malware developers.

As we discussed in one of our posts, malware authors have used the pandemic to distribute rogue applications that were actually hiding malicious code to steal user data.

A large part of malware families, both banking and non-banking, have tried to take advantage of the health crisis through fraudulent campaigns in which their creations were distributed as if they were contacted tracing apps. Some of the families that have used this type of campaign are common knowledge, and we’ve talked about them before, as is the case with Cerberus.

Looking beyond the situation that’s appeared due to COVID-19, 2020 has been a year similar to 2019. New families of malware have appeared on both mobile devices and desktops, although as we expected, it appears that malware on mobile devices is on the rise. We say this because during 2020 we have seen the birth of three new families of banking malware for Android devices, while the families we are already familiar with, such as Cerberus and Anubis Bankbot, have remained among the most popular and active.

Even though malware for Android is growing, as we’ve previously mentioned, mainly due to the fact that all banking operations can now be carried out from mobile phones, ransomware has also continued to grow both on desktop systems and on mobile devices, but especially on desktop, mainly through attacks on companies to hijack and steal important documents.

This year, in addition to ransomware encrypting the victim’s files and asking for a ransom to give them back, it has also become fashionable for it to steal these files and ask the victim to pay extra in order to prevent the content of said files from being published, in a technique that has been dubbed doxing.

This new strategy is particularly successful in attacks on companies, which handle confidential customer information and don’t want this data to end up being published on the internet.

In short, 2020 has been the year of Android banking malware and desktop ransomware, and in 2021 this trend is expected to continue, as ransomware is the malware that reaps the most benefits while also being the simplest to develop.

Below are the most interesting and newest malware families that 2020 has given us.


Submitted by buguroo

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?