The first quarter of 2019 saw a significant spike in mobile banking malware that steals both credentials and funds from users’ bank accounts, according to researchers at Kaspersky Lab.
“In Q1 2019, Kaspersky Lab detected a 58% increase in modifications of banking Trojan families, used in attacks on 312,235 unique users. Banking Trojans grew not only in the number of different samples detected, but their share of the threat landscape increased as well. In Q4 2018, mobile banking Trojans accounted for 1.85% of all mobile malware; in Q1 2019, their share reached 3.24%,” today’s press release stated.
Researchers reportedly uncovered 29,841 different modifications of banking Trojans during the first three months of the year, up from 18,501 in Q4 2018. “As is customary, first place in the Top 20 for Q1 went to the DangerousObject.Multi.Generic verdict (54.26%), which we use for malware detected using cloud technologies,” researchers wrote.
“Cloud technologies are deployed when the antivirus databases lack data for detecting a piece of malware, but the company’s cloud already contains information about the object. This is basically how the latest malicious programs are detected.”
The report also noted that a new version of the Asacub malware, first observed in 2015, accounted for more than half of all banking Trojans that attacked users. Over the past two years, attackers have modified its distribution scheme, which led to a spike in 2018, when it was reportedly used to attack 13,000 users a day. Though distribution has since declined, the malware remains a significant threat, with researchers observing Asacub targeting 8,200 users a day on average.
“The rapid rise of mobile financial malware is a troubling sign, especially since we see how criminals are perfecting their distribution mechanisms,” said Victor Chebyshev, security researcher at Kaspersky Lab. “For example, a recent tendency is to hide the banking Trojan in a dropper – the shell that is supposed to fly to the device under the security radar, releasing the malicious part only upon arrival.”