Connect with us

Hi, what are you looking for?

HEADLINES

Cybercriminals forego low hanging fruit to go after banking and gaming

Attackers also actively upgraded their banking Trojans, with Kaspersky detecting more than 95,000 new versions last year – many with improved capabilities. 

In 2021, Kaspersky saw a steady decline in attacks on mobile devices, while cybercriminals consolidated their efforts to focus on more dangerous (and profitable) threats instead. New mobile malware has become increasingly complex, featuring new ways to steal users’ banking and gaming credentials, as well as other strands of personal data. 

In 2021 Kaspersky detected more than 95,000 new mobile banking Trojans, but the number of attacks using such malware remained similar. Additionally, the share of Trojans – malicious programs capable of executing remote commands – doubled, reaching 8.8% in 2021. These and other findings are featured in Kaspersky’s Mobile Threats in 2021 report.

Kaspersky’s annual analysis of mobile threats demonstrated a positive trend – the number of attacks on mobile users worldwide has been declining, hitting 46 million in 2021 compared to 63 million in 2020. Experts attribute this development, in part, to the wave of attacks seen at the beginning of lockdown as users were forced to work from home. That period also saw increased use of various video conferencing and entertainment apps, increasing the volume and spread of attack opportunities. Now that the situation has stabilized, cybercriminal activity declined as a result.

Still, Kaspersky experts believe it is too early to relax. In 2021, 3.5 million malicious installation packages were detected, leading to 46.2 million attacks worldwide. Moreover, 80% of attacks were carried out by malware rather than adware (software that intrusively displays ads), or RiskTools (malicious programs with various functions such as concealing themselves from the screen). 

Advertisement. Scroll to continue reading.

In addition, the number of attacks using banking Trojans, programs designed to steal users’ banking credentials to later exploit them and drain targets’ bank accounts, have kept up the momentum. There were 2.367 million attacks in 2021, only 600 thousand fewer than in 2020. 

Attackers also actively upgraded their banking Trojans, with Kaspersky detecting more than 95,000 new versions last year – many with improved capabilities. 

For example, the Fakecalls banking Trojan is now capable of dropping calls whenever users try to contact the bank, replacing audio recordings with prepared answers from the operator. This way, users are tricked into thinking that they are talking to a real bank employee or the standard robot answering machine, and they unwittingly share sensitive information with the attackers. Other malware act more subtly. 

The Sova banking Trojan is capable of stealing users’ cookies, thereby gaining access to personal accounts in mobile banking apps, without necessarily knowing login and password information.

In 2021 cybercriminals also went after mobile gaming credentials – these are often sold later on the darknet or used to steal in-game goods from users. The first mobile Trojan of the Gamethief type stole credentials from the mobile version of PlayerUnknown’s Battlegrounds (PUBG). 

Advertisement. Scroll to continue reading.

“Indeed, there have been fewer mobile attacks in general, however, the attacks we are still seeing have become more complex and harder to spot. Cybercriminals tend to mask malicious apps under the guise of legitimate applications, which can often be downloaded from official app stores. On top of that, with mobile banking and payment apps becoming even more widespread, there is a higher chance of cybercriminals targeting these more actively. Staying cautious and careful on the internet and avoiding downloading unknown apps is good practice, but I also strongly recommend using a reliable solution. When it comes to the security of finances, in particular, it is better to be safe than sorry,” comments Tatyana Shishkova, security researcher at Kaspersky.

To protect yourself from mobile threats, Kaspersky shares the following recommendations:

  • It is safer to download your apps only from official stores like Apple App Store, Google Play, or Amazon Appstore. Apps from these markets are not 100% failsafe, but at least they get checked by shop representatives and there is some filtration system — not every app can get onto these stores.
  • Check the permissions of apps that you use and think carefully before permitting an app, especially when it comes to high-risk permissions such as Accessibility Services. The only permission that a flashlight app needs is to the flashlight (which doesn’t even involve camera access).
  • A reliable security solution can help you to detect malicious apps and adware before they start behaving badly on your device.
  • iPhone users have some privacy controls provided by Apple, and users can block app access to photos, contacts, and GPS features if they think these permissions are unnecessary.
  • A good piece of advice is to update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well...

HEADLINES

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks...

HEADLINES

A Scale of Harm study by the International Justice Mission revealed that almost half a million Filipino children were trafficked to produce new child...

HEADLINES

Yondu launched an extensive, month-long cybersecurity awareness campaign focused on modern threat detection, incident response, and social engineering defense.

ELECTRONICS

Philips EasyKey partnered with Megaworld and equipped their world-class properties with only the best-in-class smart locks we have on offer, the Philips EasyKey 9300.

HEADLINES

The PLDT wireless unit is also calling on customers to report these messages to Smart’s HULISCAM portal for further action.

HEADLINES

Here are some tips from Sophos for staying secure online during the cybersecurity awareness month.

HEADLINES

While only 21% of hackers believed that AI technologies enhance the value of hacking in 2023, 71% reported it to have value in 2024....

Advertisement