2023 witnessed a substantial rise in the number of users encountering mobile banking Trojans, with attacks on Android users surging by 32 percent, compared to 2022, according to the annual Financial Threats Report for 2023 by Kaspersky.
The report reveals significant increases in mobile banking malware and cryptocurrency-related phishing, signaling growing threats to digital financial assets.
The most prevalent banking trojan was Bian.h, accounting for 22 percent of all Android attacks. Geographically, Afghanistan, Turkmenistan, and Tajikistan recorded the highest shares of users encountering banking Trojans, while Turkey saw the most mobile attacks, with almost three percent of users affected (2.98%), the IT security firm said.
While the number of users affected by financial PC malware saw an 11 percent decline in 2023, Ramnit and Zbot were identified as the predominant PC malware families, targeting more than 50 percent of affected users. Consumers continued to be the primary target, accounting for 61 percent of all attacks.
In 2023, financial phishing remained a significant threat, accounting for 27 percent of all phishing attacks on corporate users and 31 percent on home users. E-commerce brands were identified as the top lure, with 42 percent of financial phishing attempts.
Amazon emerged as the most mimicked online store, accounting for 34 percent of phishing attempts, followed by Apple at 19 percent and Netflix at 15 percent. PayPal was the most targeted payment system, with 55 percent of attacks.
Crypto scams
Cryptocurrency-related phishing and scams continued to grow, with Kaspersky preventing 5,838,499 attempts to follow cryptocurrency-themed phishing links – a 16 percent increase over 2022. Scammers mimicked cryptocurrency exchanges and offered coins in the name of large enterprises like Apple.
“Money has always been a magnet for cybercriminals, and a substantial portion of malware attacks are financially motivated,” Igor Golovin, security expert at Kaspersky. “The surge in mobile malware witnessed last year highlights a concerning trend in cybercrime. With the emergence of new and aggressive malware strains, attackers are evolving their tactics to target mobile devices more aggressively. This underscores the imperative for individuals and businesses to maintain heightened vigilance, update protective measures, and fortify device security accordingly.”
To stay safe from mobile malware, Kaspersky recommends:
It’s safer to download your apps only from official stores like Google Play or Amazon Appstore. Apps from these markets are not 100 percent failsafe, but they get checked by shop representatives and there is some filtration system — not every app can get into these stores.
Check the permissions of the apps that you use and think carefully before permitting an app, especially when it comes to high risk permissions such as permission to use Accessibility Services.
A reliable security solution can help you to detect malicious apps and adware regardless of their obfuscation techniques before they can start behaving badly on your device.
A good piece of advice is to update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.