Efficient Detection of Mobile Banking Trojans on Android using Gaussian Naïve Bayes

Najiahtul Syafiqah Ismail; Anis Athirah Masmuhallim; Nadiathul Raihana Ismail

Authors

Najiahtul Syafiqah Ismail Universiti Teknologi Mara Cawangan Terengganu, Kuala Terengganu, 20100, Terengganu, Malaysia
Anis Athirah Masmuhallim Universiti Teknologi Mara Cawangan Terengganu, Kuala Terengganu, 20100, Terengganu, Malaysia
Nadiathul Raihana Ismail Politeknik Kuching Sarawak (PKS), 93050 Kuching, Sarawak, Malaysia

Keywords:

Android malware, Gaussian Naïve Bayes, banking Trojan, static analysis, mobile security

Abstract

The increasing reliance on mobile banking services has made Android smartphones a primary target for cybercriminals, particularly through banking Trojans. These malicious applications impersonate legitimate banking apps to steal sensitive information such as login credentials and authentication codes. In 2024, global banking Trojan attacks rose to 1.24 million with high infection rates reported in countries like Turkey (5.7%), Indonesia (2.7%) and India (2.4%). The growing sophistication and regional spread of such threats emphasize the need for efficient, real-time mobile security solutions. This study presents a lightweight malware detection model using the Gaussian Naïve Bayes (GNB) algorithm to identify banking Trojans based on static analysis of Android Package (APK) files. Features such as permissions, API usage and application metadata were extracted from a labeled dataset. The model was trained and validated using a 70:30 data split, achieving a classification accuracy of 95.83%. The GNB classifier’s probabilistic framework and low computational overhead make it ideal for deployment in resource constrained mobile environments. The results highlight the potential of GNB as a practical and scalable solution for early-stage mobile malware detection. Future work will focus on extending the framework with dynamic analysis and ensemble methods to address evolving malware threats.