Kaspersky, recently released a report on the Malware threats in Q2, which revealed a drastic increase in the number of mobile malware threats detected and blocked by Kaspersky solutions in the second quarter of the year when compared to Q1 2020. The increase noted was around 93232 more threats detected from the period of April to July 2020.
According to the report, Adware topped the list with 48%, a decrease of one percentage point from the previous quarter. The Ewind adware family (60.53% of all adware detected) was most common in Q2, followed by the FakeAdBlocker family with 13.14% and Inoco with 10.17%. RiskTool-type potentially unwanted software ranked second among all detected threat classes. SMS trojans hold third place among all detected threats with 7.59%. Agent (33.74%), Fakeinst (26.80%) and Opfake (26.33%) were the largest of the detected families of SMS trojans. All the three families were more common with Russian users, which is typical of the entire SMS trojan threat class.
The top 3 countries with the largest share of users attacked by mobile malware remained unchanged in Q2: Iran (43.62%) followed by Algeria (21.97%) and Bangladesh (19.30%), India ranked 6th on the list with 13.54%
Another notable observation made was the decrease of Mobile Banking Trojans. During the reporting period, Kaspersky detected 38,951 mobile banking trojan installer packages, 3,164 fewer than in Q1 2020. Kaspersky also detected 3,805 installation packages for mobile Trojan ransomware in Q2 2020, which is 534 fewer than last quarter.
The number of mobile banking and ransomware trojans has been decreasing from quarter to quarter mainly because of these two causes:
- It is much harder to extort cash from users than to steal the bank account data right away. At the same time, the device needs to be previously infected in either case, so with the costs being equal, cybercriminals will choose the path of least resistance, i.e. theft.
- A ransomware trojan is a threat the user will likely want to fight to get the device back to a functional state. The user is likely to win, too, even if by factory-resetting the device. Cybercriminals, in their turn, try to keep their malware undetected on the device as long as possible, which runs counter to the whole idea of mobile ransomware.
Stalkerware too saw a decrease in Q2 2020. Many of the countries where this type of spyware enjoyed popularity went on a lockdown or imposed self-isolation requirements, which resulted in stalkerware users finding themselves locked up for a long period of time with those they intended to spy on. One can assume that this led to a reduction in the number of mobile devices on which we detected stalkerware. Russia had the largest number of users whose devices were found to contain stalkerware in Q2 2020. It was followed closely by Brazil and, India came third, having half of Russia’s number of users that had encountered stalkerware.
“Over the past few quarters, we have seen an increase in the number of detected objects. Early 2018 saw a similar situation, when a great number of trojan droppers and potentially unwanted software was discovered. As the mobile and internet consumption goes up, especially in countries like India and other South Asian regions, it can be predicted that cybercriminals too would shift their focus towards increasing threat actors for smartphones to increase their financial gains. Some of the most popular threat actors include Adware, banking & SMS trojans as well as stalkerware, all these are greatly used by the cybercriminals to earn huge money by targeting smartphone users, and even stealing their important data to later sell it on the dark web or underground market. Consumers today need to understand the importance of having a basic anti-virus or internet security solution installed on their devices to keep their data safe”, noted Mr. Dipesh Kaura, General Manager for South Asia, Kaspersky.
“Increasing self-awareness about the types of threats that may target mobile users is also equally important. Consumers should not only keep themselves updated on the various types of threats, but also spread their knowledge in order to keep their family and friends aware and secure online”, added Mr. Kaura.