Financial malware activity dropped in 2020 as creators honed their wares
Financial malware activity has dropped across PCs and mobile devices during the 2020 pandemic, cybercriminals used the time to plan more malicious propagation techniques, both new and evolved from previous methods.
Kaspersky's Financial Cyberthreats in 2020 report found that while mobile devices generally provide a lucrative way of spreading threats, it seems that criminals are choosing to target different geographies than in previous years.
Kaspersky defines financial malware as targeting users of financial services including online banking, payment systems, e-money services, e-shops, and cryptocurrency services.
Last year, more than 625,000 users were affected by banking trojans, with Zbot, CliptoShuffler and Emotet being the most common malware detections.
36% of users hit by banking malware are corporate users – an increase of one percentage point from the previous year.
The report also includes a focus on Android banking malware. The report notes, “This year, the number of users attacked by Android banking malware rapidly dropped by more than 55%: from 675,772 in 2019 to 294,158 in 2020.
Japan, Taiwan, Spain, Italy, Turkey, Republic of Korea, Russia, Tajikstan, Poland, and Australia were the most targeted countries targeted by Android banking malware in 2020.
Kaspersky researchers note that it is a marked change from the top 10 targeted countries in 2019: Namely, Russia, South Africa, Australia, Spain, Tajikstan, Turkey, the United States, Italy, Ukraine, and Armenia.
“In 2020, we observed a number of new countries becoming a hotbed for cyber-infections. The clearest example of this is Japan, which faced a wave of attacks from the Wroba.g banking Trojan. The bright side here is that most of these attacks can be prevented. Therefore, we urge users to take extra care when conducting mobile financial transactions,” explains Kaspersky security expert Victor Chebyshev.
In 2019, the most common Android banking malware includes Asacub, Svpeng, Agent, Faketoken, Hqwar, Anubis, Marcher, Rotexy, Gugi, and Regon. In 2020, the list looks similar but there are changes, with Cebruser, Hqwar, and Knobot popping up.
Researchers warn, “even though the general statistics look positive, we have to consider the massive threat landscape still faced by financial organisations.
Kaspersky recommends the following:
- Only install applications from reliable sources such as official stores
- Check what permissions the application requests – if they do not match the program's functions, then they should be questioned
- Install a trusted security solution to protect you against a wide range of financial cyber threats
- Install all latest updates and patches for existing software on a continuous basis