According to Kaspersky’s quarterly analysis on mobile virus propagation, there has been a declining trend since late 2020. Despite a decline in total malware numbers, the security firm sees an increase in trojan distribution, including generic trojans, banking trojans, and spyware.
This alarming trend highlights a shift toward more sophisticated and destructive operations, which are gradually displacing low-yielding adware and “risk-tools.”
In terms of distribution numbers, adware and “risk tools” remain the most common, with the latter accounting for nearly half of all mobile malware infection attempts detected by Kaspersky in Q1 2022.
Trojans on the rise
When compared to the previous quarter, detections of mobile banking trojans have climbed by around 40%, and the amount has more than doubled when compared to Q1 2021 data.
To steal people’s account credentials, this form of malware frequently overlays login panels on top of legitimate banking or cryptocurrency management software.
Banking trojans are becoming more frequently and inexpensively available on hacker forums and Telegram channels, resulting in an upsurge in their use by low-skill cybercriminals.
According to Kaspersky, the new family they track as “Trojan-Banker.AndroidOS.Bray” accounted for 81 percent of all mobile trojan detections in the first quarter of the year, pushing the dispersion estimates upwards.
Threats for the first quarter of 2022 have been highlighted
At the start of this year, Kaspersky discovered some interesting trends, the most notable of which is an increase in fraudulent apps distributed through official app store channels such as Google’s Play Store.
Scammers took advantage of the Russian invasion of Ukraine in the first quarter of 2022 to provide fraudulent public benefit apps promising cash help in reaction to sanctions and transactional limitations. These programs, on the other hand, simply stole money from consumers by redirecting them to malicious websites.
Aggressive payday lending apps, which mostly target consumers in India, Brazil, and Mexico, are another prominent issue.
These are classified as “RiskTool.AndroidOS.SpyLoan” by Kaspersky, who claims that during installation, these apps request access to the user’s contact lists, SMS, and photographs. This information is utilized for extortion if the payment is late.
Bill collection agents working on these platforms have been reported to call people on the users’ contact lists to expose them and raise the pressure to pay the debt.
In other, more extreme circumstances, users of these apps are locked out of their phones if they fail to make a payment, emulating ransomware threats.
Outlook for the Second Quarter of 2022
Because the events and conditions that powered the prior quarter’s trends haven’t changed, trojan dissemination is projected to continue to supplant threats labeled as adware and riskware.
Mobile devices are frequently a weak link in the security chain, and their use in corporate settings is growing. Regrettably, this is not always done with adequate security measures in place.
Despite the fact that Google and Apple have made significant progress in terms of introducing protections, measures to prevent permission abuse, and making their app stores safer, criminal actors continue to attack users.
All of this means that consumers should maintain their smartphones up to date, only install the bare minimum of apps from official stores, carefully check the requested permissions, read user reviews, visit the developer’s website, and use mobile security tools.
