Mobile Banking Trojan
Malicious Android apps that overlay fake login screens on top of legitimate banking apps to steal credentials and one-time codes in real time.
Also known as: android banking trojan, overlay malware, mobile credential stealer
Last reviewed: 10 June 2026
Mobile banking trojans are a category of Android malware that targets financial applications specifically. When the victim opens their banking app, the trojan detects the launch and instantly overlays a pixel-perfect fake login screen. Any credentials entered are transmitted to the attacker while the trojan shows an error message and then allows the real app to open, so the victim may not notice anything wrong. Advanced trojans also intercept incoming SMS messages to harvest two-factor codes before the user sees them.
Banking trojans are distributed via third-party app stores, malicious advertising networks, smishing links, and occasionally through trojanised apps that reach official stores before review catches them. They typically request accessibility permissions during installation, which grant them the ability to read screen content and interact with other apps.
Consumers should install apps only from official stores, pay close attention to permission requests during installation, keep Android security patches up to date, and use the official app for banking rather than mobile web browsers. An unexpected error on your banking app's login screen is a warning sign worth investigating.