- In its Financial Threats Report 2023, Kaspersky saw a 32 percent increase in the number of banking malware attacks against Android users.
- While businesses are targeted, home users are the main target of cybercriminals.
- PayPal, Amazon and ecommerce platforms were the most popular lures used by criminals.
While using ransomware for extortion is a popular attack method, research from Kaspersky shows that cybercriminals aren’t above robbing people directly.
The cybersecurity firm’s Financial Threats Report for 2023 reveals that the use of banking malware increased throughout the year. In particular, Kaspersky saw a 32 percent increase in the number of Android users targeted by mobile banking trojans compared to 2022.
“The most prevalent banking trojan was Bian.h, accounting for 22% of all Android attacks. Geographically, Afghanistan, Turkmenistan, and Tajikistan recorded the highest share of users encountering banking Trojans, with Turkiye leading mobile banking malware attacks, with almost 3% of users affected (2.98%),” writes Kaspersky.
Interestingly, the number of attacks on PCs declined by 11 percent. Despite this, Ramnit and Zbot were prominent attack vectors that affected more than 50 percent of PC users targeted by banking malware.
While businesses are targeted by cybercriminals, according to Kaspersky’s data, consumer targets were in the majority. The firm reports that 61.2 percent of banking malware attacks were directed at consumers. This continues in financial phishing attacks where 27.32 percent of attacks were against businesses and 30.68 percent were against home users.
The most popular lures to get users to click on these phishing emails were ecommerce stores (41.65 percent of phishing attacks) and PayPal was used in 54.78 percent of phishing pages. Amazon emerged as the most mimicked online store, accounting for 34 percent of phishing attempts, followed by Apple at 18.66 percent and Netflix at 14.71 percent. PayPal was the most targeted payment system, with 54.73 percent of attacks.
“Money has always been a magnet for cybercriminals, and a substantial portion of malware attacks are financially motivated. The surge in mobile malware witnessed last year highlights a concerning trend in cybercrime. With the emergence of new and aggressive malware strains, attackers are evolving their tactics to target mobile devices more aggressively. This underscores the imperative for individuals and businesses to maintain heightened vigilance, update protective measures, and fortify device security accordingly,” says security expert at Kaspersky, Igor Golovin.
Cryptocurrency is also still a tempting target for cybercriminals. The firm prevents nearly six million crypto phishing attacks, a 16 percent increase compared to 2022.
To guard against these attacks Kaspersky recommends the following:
- It’s safer to download your apps only from official stores like Google Play or Amazon Appstore. Apps from these markets are not 100 percent failsafe, but they get checked by shop representatives and there is some filtration system — not every app can get into these stores.
- Check the permissions of the apps that you use and think carefully before permitting an app, especially when it comes to high risk permissions such as permission to use Accessibility Services.
- A reliable security solution can help you to detect malicious apps and adware regardless of their obfuscation techniques before they can start behaving badly on your device.
- A good piece of advice is to update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.
