Kaspersky Lab discovers an increase in mobile banking malware at an alarming rate. In the first quarter of 2019 (Q1), it detected around 30,000 installation packages for mobile banking Trojans, which is 11,000 more than in Q4 2018.
This year, the number of malicious apps in the Google Play Store has also increased. The aim of these apps is to steal credentials of online banking apps.
As people increasingly use mobile phones, the banking applications have become an important part to manage everyday finance. This has resulted in banking app malware especially targeting Android operating system. Despite its dominance, users are continuously underestimating it.
Key findings of the IT threat evolution report by Kaspersky Lab:
1. High growth in mobile financial threats
The malware authors used active bots to send malicious links to the contacts in already infected smartphones. This made several large-scale distribution attempts, reaching up to 13,000 unique users per day.
Second, Q1 2019 saw a rise in the number of malicious apps in the Google Play Store which were mainly aimed at stealing user credentials from Brazilian online banking apps. Although these infected apps were in the popular platform, yet the number of downloads was very low. It was believed that the cyber criminals could not trick people with malicious apps.
2. Mobile banking Trojans on the rise
In Q1 2019, Kaspersky detected around 30,000 installation packages for mobile banking Trojans, which is 11,000 more than in Q4 2018.
Trojan-Banker.AndroidOS.Svpeng Malware held 20% share among all the banking Trojans detected. Another prevailing malware was Trojan-Banker.AndroidOS.Asacub (18%), followed by Trojan-Banker.AndroidOS.Agent (15%).
In the reporting period, five of the banking threats out of 10 were the members of the Trojan-Banker.AndroidOS.Asacub family. The number of users attacked by this Trojan reached 13,000 per day.
With Trojan-Banker.AndroidOS.Agent.ep, around 3,000 users were attacked per day. However, due to low demand for the Trojan, the average users attacked were dropped to less than 1000 by the end of the quarter. The cyber criminals transitioned into a two-stage system of infection using Trojan-Dropper.AndroidOS.Hqwar
3. Top 10 countries by share of users attacked by mobile banking Trojans
The most common malware attempts registered in Australia were through Trojan-Banker.AndroidOS.Agent.eq and Trojan-Banker.AndroidOS.Agent.ep. However, both malwares were used to attack people globally and not exclusive to the country Australia itself. Turkey is the second most attacked country with 0.73%, followed by Russia (0.64%) at the third place.
4. The US faced the highest number of mobile ransomware attacks
In the beginning of Q1 2019, 27,928 installation packages of mobile ransomware were detected, around 4,000 higher than the previous quarter. In this, the malware of Svpeng family was detected four times in the top 10 most common ransomware installation packages.
The Top 3 countries by number of unique users attacked by mobile ransomware, as in Q1 2019, were:
- the US (1.54%)
- Kazakhstan (0.36%), and
- Iran (0.28%)
5. Cybercriminals developing fake apps to steal credentials
The DanaBot banking Trojan continued to spread actively. The virus was delivered through spam emails which contained infected Office documents. There were malware attempts to steal money from bank accounts of almost 243,604 users.
Fake banking apps were used by cybercriminals to gain users trust. They bet everything to imitate a real banking application till the user enters sensitive information. They presented their genuineness through the app icons, preview images, and description to get the banking credentials from unsuspecting users.
Apart from attacking banking apps, the attacks were also targeted on booking apps, social media apps, app stores, etc.
Mobile banking malwares does more damage through sophisticated banking Trojans than phished banking credentials which is a worrying threat for users. No doubt, the mobile devices especially Android OS will be a pleasant target for cyber criminals.
For full report, click here.