Banking trojans were once considered yesterday’s problem, but 2025 has shown they’re back they came back smarter. These aren’t the clunky keyloggers of the past. Modern trojans target mobile banking apps, abuse Accessibility permissions, and use overlays to trick users into handing over credentials and even bypassing two-factor authentication.

Some families now go further. In mid-2025, researchers reported RatOn, a trojan that exploited NFC features to make fraudulent contactless payments. Long-running names like Anatsa have resurfaced with fake “maintenance” screens that hide theft in progress, while multifunction variants like Hook v3 combine credential theft with remote access and extortion.

Why the comeback? Smartphones are now central to finance, and app-stores are flooded with lookalike apps. Attackers also operate on a service model, leasing trojans with plug-ins to affiliates, much like ransomware gangs. The result: more victims, more stolen funds, and shaken confidence in mobile banking.

Protect Yourself

• Install apps only from official stores and verify the developer.
• Never grant Accessibility permissions unless absolutely necessary.
• Enable your bank’s strongest security features (biometrics, device attestation).
• Be suspicious of “maintenance” messages or repeated approval prompts.

Banking trojans didn’t disappear, they adapted. With smartphones holding both our wallets and our identities, one careless tap could be all an attacker needs.