Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Mobile Malware Attacks Dropped in 2021 but Sophistication Increased

The number of mobile malware attacks saw a significant drop in 2021, but attacks were more sophisticated, according to the latest mobile malware report from Kaspersky.

The number of mobile malware attacks saw a significant drop in 2021, but attacks were more sophisticated, according to the latest mobile malware report from Kaspersky.

The cybersecurity firm’s products detected nearly 3.5 million malicious installation packages on mobile devices in 2021, far less than the 5.7 million detected in the previous year. However, it’s worth noting that the number recorded in 2021 is almost exactly the same as in 2019.

A majority of these infection attempts targeted users in Asian countries, with Iran, China and Saudi Arabia accounting for the highest attack percentages.

Unsurprisingly, a majority of the packages blocked by Kaspersky delivered adware and potentially unwanted software.

When it comes to banking trojans, which accounted for less than 3% of attacks (97,000 malicious installation packages), these threats mostly targeted users in richer countries, such as Japan, Spain, Turkey, France, Australia, Germany, Norway, Italy, Croatia and Austria.

Mobile banking trojans

As for mobile ransomware, the number of infection attempts dropped from approximately 20,000 in 2020 to 17,000 in 2021. These attacks mostly targeted users in Asia.

While the volume of attacks seems to have decreased, Kaspersky warns of an increase in sophistication, both in terms of malware functionality and attack vectors.

Advertisement. Scroll to continue reading.

In some cases, malicious code was loaded into popular mobile apps through advertising SDKs (e.g. Triada trojan). Cybercriminals have also managed in many cases to deliver their malware and scammy applications through Google Play and other official app stores.

“Banking Trojans acquired new capabilities in 2021,” Kaspersky said. “The Fakecalls banker, which targets Korean users, drops outgoing calls to the victim’s bank and plays pre-recorded operator responses stored in the Trojan’s body.”

It added, “The Sova banker steals cookies, enabling attackers to access the user’s current session and personal mobile banking account without knowing the login credentials. The Vultur backdoor uses VNC (Virtual Network Computing) to record the smartphone screen; when the user opens an app that is of interest to attackers, they can monitor the on-screen events.”

However, the most notable mobile “malware” remains the NSO Group’s Pegasus spyware, which has used what Google described as the most technically sophisticated exploit ever seen.

Related: Malware Can Fake iPhone Shutdown via ‘NoReboot’ Technique

Related: Apple Points to Android Malware Infections in Argument Against Sideloading on iOS

Related: Google Play Protect Scans 100 Billion Android Apps Daily

Related: Android App Developers Required by Google to Share More Info on Data Handling

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.