Cybersecurity: Twice as many mobile banking trojans were detected in 2022

In 2022, Kaspersky Lab experts discovered almost 200,000 new mobile banking Trojans, twice as many as in the previous year. This alarming growth is the highest in six years.

These and other findings are included in the Kaspersky Lab report “Mobile threats in 2022“.

With the development of mobile services and technologies, there are more and more threats to mobile devices. To address this growing problem, Kaspersky Lab experts are constantly monitoring the mobile threat landscape, monitoring trends, informing users and the cybersecurity community about potential risks. In 2022, Kaspersky Lab products detected 1,661,743 malware or unwanted software installers.

Highest in six years

One of the dominant and widespread mobile threats is banking trojans. They are used to search for data related to online banking and electronic payment systems. In 2022, Kaspersky Lab detected 196,476 mobile banking Trojan installers, twice as many as in 2021 and the highest number in six years. This suggests that cybercriminals are targeting mobile phone users and are increasingly interested in stealing financial data, actively investing in the creation of new malware, which can lead to significant financial losses for the targeted individuals.

Cybercriminals often distribute Trojan Banker malware in both official and unofficial app stores. Google Play still has banking Trojan downloaders such as Sharkbot, Anatsa/Teaban, Octo/Coper and Xenomorph disguised as utilities. For example, Sharkbot actively distributed installers imitating a file manager, which may ask for permission to install additional packages needed to run the Trojan on the user’s device, which compromises its security.

Protective Measures

To protect yourself from mobile threats, Kaspersky Lab recommends the following:

• It is safer to only download apps from official stores such as the Apple App Store, Google Play, or Amazon Appstore. Apps from these stores are not 100% safe, but at least they are verified by store agents and there is some kind of filtering system in place – not all apps can make it to these stores.
• Check the permissions of the apps you use and think carefully before allowing anything in an app, especially when it comes to high-risk permissions like accessibility services.
• A solid security solution can help you detect malware and adware before they run on your device. You can get protection directly from your mobile carriers.
• Users of iPhones and Android devices released (updated) after 2018 have privacy controls provided by Apple and can block apps from accessing photos, contacts, and GPS features if they feel these permissions are not needed.
• A good tip is to update your operating system and important applications as updates become available. Many security issues can be resolved by installing software updates.

From the editor. Almost every week, emails of the editorial office and personal mail of employees receive letters with attachments or links of different content. Often completely harmless or having connections with some kind of business contacts. However, they are not such, but are sent from attackers who seek to steal device user data or use it to spread malware or links to it further.

Who needs me?

Self-soothing phrases like who needs my data are actually dangerous and harmful. In any case, your device (computer, smartphone or tablet) has contacts or data of your friends, as a result of which a virus or a link to download it is sent further from your device.

I spread viruses. What could it be for me?

Based on the above, a careless user of devices can become a source of viruses and, in principle, may be held criminally liable for this. If, for example, a government service is hacked from his smartphone or computer or a letter with a terrorist threat is sent (in the latter case, one of our readers is under criminal investigation).

What to do? How to check?

Some of the advice has been given above. You can read more on the topic of recognizing malicious links in our publication. Danger: Be careful, phishing!

Source link