Mobile users have been targeted by almost twice as many attacks using malicious software during 2018, going up from 66.4 million in 2017 events detected during 2017 to 116.5 million until the end of last year according to a report by Kaspersky Lab.
Despite this large increase in the number of malicious mobile software attacks, only 5,321,142 installation packages containing malware samples were identified throughout the entire year, down 409,774 when compared to the 2017 stats.
While threat actors who chose to target mobile users have also been using heavily tested methods such as SMS spam, they were also willing to experiment with techniques like DNS hijacking that was previously only reserved for attacking desktop platforms.
As detailed in Kaspersky’s report, the most popular tools and attack techniques in the arsenal of mobile miscreants were:
• Droppers (Trojan-Dropper), designed to bypass detection
• Attacks on bank accounts via mobile devices
• Apps that can be used by cybercriminals to cause damage (RiskTool)
• Adware apps
As a side note, the security company was also able to detect three malicious campaigns operated by advanced persistent threat (APT) groups that were snooping around in their victims’ mobile devices for messages shared on various social networks.
Kaspersky is not the only security firm who uncovered this type of APT activity, CheckPoint’s research team also unearthing an extensive surveillance operation that spanned over two years by targeting distinct groups of individuals using malicious mobile apps to exfiltrate sensitive info from the device together with voice recordings of their surroundings.
All throughout 2018, both banking and dropper Trojans have seen a consistent increase in the number of unique samples detected and the number of users who were attacked with their help. While the most “popular” dropper family among threat actors was Trojan-Dropper.AndroidOS.Piom, the Asacub and the Hqwar banking Trojans were the most prevalent.
Even though mobile banking Trojans have also abused Accessibility Services beforehand, 2018 saw a drastic uptick in this malicious technique allowing the malware creators “to hijack a perfectly legitimate application and force it, say, to launch a banking app to make a money transfer right there on the victim’s device.”
To be more exact, when it comes to the actual numbers, Kaspersky reports that all its mobile security solutions detected “151,359 installation packages for mobile banking Trojans,” an effective increase rate of 1.6 when compared to 2017. The more impressive results were observed in the number of mobile attacks that used this malware family, as can be seen in the graph below.
Other malware families were also employed by mobile cybercriminals, but they weren’t as successful in their ventures. For example, mobile ransomware Trojans and spyware Trojans both lost ground during last year.
Among the malware samples Kaspersky detected in 2018, the most dangerous –but luckily not as widespread– were Trojan.AndroidOS.Triada.dl and Trojan.AndroidOS.Dvmap.a, two Trojan strains designed to “use superuser privileges to carry out their malicious activity. In particular, they place their components in the device’s system area, which the user only has read access to, and hence they cannot be removed using regular system tools.”
As a final note, the technologies and products used by Kaspersky Lab during 2018 to fend off mobile malware detected:
• 5,321,142 malicious installation packages
• 151,359 new mobile banking Trojans
• 60,176 new mobile ransomware Trojans
The statistical data behind Kaspersky Lab’s mobile malware evolution report for 2018 was collected using all the company’s mobile security solutions no only the Kaspersky Mobile Antivirus for Android to generate a more accurate depiction of the year’s mobile malware activity.