New Kaspersky study shows the state of the mobile threat landscape in 2021. Attackers focus on bank and gaming account credentials. Users in Germany rank sixth among the countries most frequently affected by banking Trojans.
Over the past year, Kaspersky has seen a decline in attacks targeting mobile devices, while cybercriminals have focused their efforts on higher-risk – and therefore more profitable – avenues of attack against smartphone and tablet users. The challenge here is new, increasingly complex malware that breaks new ground, for example to steal access data and sensitive information from banking, gaming or other mobile applications.
All mobile access data are in focus
These insights come, among other things, from the Kaspersky analysis of the mobile threat landscape for the year 2021 [1]. Security experts are particularly concerned about the development of Trojans (malicious programs that can execute remote commands) aimed at smartphones and the like. Their share has doubled compared to the previous year and now accounts for 8,9 percent of all malware targeted against mobile devices worldwide. In addition, the security experts at Kaspersky discovered more than 95.000 new banking Trojans in the mobile sector worldwide last year.
Kaspersky's annual analysis of mobile threats shows a positive trend: The number of attacks on mobile users worldwide is declining and was 46 million in the previous year - in 2020 it was 63 million. Experts attribute this development in part to the wave of attacks at the beginning of the lockdown, when many were forced to work from home. During this time, various video conferencing and entertainment apps saw increased use, increasing the number and prevalence of attack vectors. Now that the situation has stabilized, cyber criminal activities seem to have decreased accordingly.
However, Kaspersky's experts believe it's still too early to sound the all-clear. In 2021, a total of 3,5 million malicious installation packages targeting mobile devices were detected globally. In addition, 80 percent of the attacks were carried out by malware and not by the more harmless types of adware or RiskTools - malicious programs with various functions that cannot be identified on the screen, for example.
Target mobile bank customers and gamers
However, the number of attacks with dedicated banking Trojans, i.e. programs designed to steal bank data and subsequently the assets themselves from users, has continued to increase. In 2021 there were around 2,4 million attacks, just 600.000 fewer than in 2020.
In 2021, users based in Germany were also among the most frequently attacked users via mobile devices using banking Trojans. The security experts at Kaspersky discovered a mobile banking Trojan at least once on 0,46 percent of the devices protected by a mobile Kaspersky solution in Germany last year. The country thus ranks sixth worldwide. The most affected users were from Japan (with 2,19 percent in first place) and Spain (with 1,55 percent in second place).
95.000 new versions of banking Trojans
The cybercriminals have actively developed the banking Trojans they use: Kaspersky discovered more than 95.000 new versions last year - many of them with improved functions. For example, the Fakecalls banking Trojan is now able to interrupt calls when the user tries to contact the bank and replace the audio recordings with prepared answers. In this way, the user is tricked into believing that they are speaking to a real bank employee or a robot's standard answering machine, causing the user to unknowingly provide sensitive information to the attackers. Other types of malware were more subtle. For example, the Sova banking Trojan is able to steal users' cookies and gain access to personal accounts in mobile banking apps without knowing login and password information. In addition, in 2021, cybercriminals were also targeting credentials for gaming services used on mobile devices. These are often later sold on the dark web or used to steal in-game goods from users. The first Gamethief-type Trojan [2] stole login credentials of the mobile version of PlayerUnknown's Battlegrounds (PUBG).
Declining attack numbers - but heavier attacks
"Although the number of attacks on mobile devices has decreased overall, the attacks we still see are more complex and harder to detect," said Tatyana Shishkova, security researcher at Kaspersky. “Cyber criminals tend to hide malicious apps under the guise of legitimate applications, which can often be downloaded from official app stores. In addition, as banking and payment apps become more prevalent, there is a greater likelihood that cybercriminals will target them even more actively. We advise Internet users to be careful and avoid downloading unknown apps. In addition, a reliable cyber security solution should be used. Especially when it comes to protecting financial data, it is better to be on the safe side.”
Kaspersky tips for protecting against threats against smartphones and tablets
- Only download apps from official stores such as the Apple App Store, Google Play or Amazon Appstore. Apps from these stores are not 100 percent secure, but at least they are checked by representatives of the store. There is also a filter system so that not every app can get into these stores.
- The permissions of the apps used should be checked, and the decision to download a particular app should be carefully considered. Especially when it comes to risky permissions like access services. For example, the only permission a flashlight app needs is for the flashlight itself; this doesn't even require access to the camera.
- A reliable security solution such as Kaspersky Security for Mobile [3] can help detect malicious apps and adware before they can do any damage.
- iPhone users have privacy controls provided by Apple and can block apps from accessing photos, contacts, and GPS features if they deem these permissions unnecessary.
- The operating system and important apps should always be updated as soon as updates are available. Many security issues can be resolved beforehand by installing updated software versions.
More information on Kaspersky's latest Mobile Threats in 2021 report is available online.
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/
[1] https://securelist.com/mobile-malware-evolution-2021/105876/
[2] https://securelist.com/it-threat-evolution-q1-2021-mobile-statistics/101595/#osobennosti-kvartala
[3] https://www.kaspersky.de/enterprise-security/mobile