SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Yesterday

Kaspersky reports a marked rise in Trojan banker attacks on Android smartphones in 2024, with a tripling of incidents noted compared to the previous year.

Kaspersky's report, "The mobile malware threat landscape in 2024", noted a 196% increase in the number of attacks targeting smartphones globally. It detailed over 33.3 million attacks involving diverse malware and unwanted software across the year.

Kaspersky identified a significant increase in Trojan banker attacks, rising from 420,000 attacks in 2023 to 1,242,000 in 2024. This type of malware is used by cybercriminals to illicitly obtain banking credentials, affecting services such as online banking, e-payment services, and credit card systems.

A shift in cybercriminal tactics has been noted, with a focus on widespread distribution. Malicious links are disseminated via SMS and messaging applications, and malicious files are sent as attachments through messaging services. In some cases, fraudsters use compromised accounts to convey an appearance of legitimacy, and they often leverage current events to create urgency and lower their victims' vigilance.

Anton Kivva, a Security Expert at Kaspersky, emphasised the importance of vigilance against these escalating threats. "Scammers have started to scale down their efforts to create unique malware packages, focusing instead on distributing the same files to as many victims as possible. It is more important than ever to be cyber-literate and educate your loved ones – from children to the elderly – because no one is completely safe from well-crafted scams and psychological tricks designed to steal banking data," he stated.

Despite their rapid rise, Trojan bankers accounted for 6% of attacked users, ranking fourth among threat categories. The most prevalent category, according to Kaspersky, remains AdWare at 57%, followed by general Trojans with 25% and RiskTools with 12%. This classification covers malware, adware, and other unwanted software.

On average, cybercriminals initiated 2.8 million attacks monthly throughout 2024, leading to a total of 33.3 million blocked incidents by Kaspersky's security products over the year.

Amongst the most active threats was Fakemoney, a cluster of scam applications posing as investment opportunities with false payout promises. Another notable threat involved unofficial variants of WhatsApp containing Triada-type Trojans. These can execute additional malicious activities such as displaying unauthorised ads. These WhatsApp modifications were third in activity behind a category of generic cloud-based threats.

Kaspersky shared several strategies to mitigate mobile threats. The company warned that even official app stores like the Apple App Store and Google Play are not infallible, as demonstrated by the discovery of SparkCat, a screenshot-stealing malware. It appeared on both platforms, with 20 infected apps documented.

Recommendations include assessing app reviews, downloading from official sources, using reliable security software like Kaspersky Premium, and scrutinising app permissions, especially high-risk ones such as Accessibility Services. Updates to operating systems and applications should be installed promptly to address potential vulnerabilities.
