Cyberattacks have grown rampant in recent years, impacting devices of all forms, including smartphones and tablets. In 2023 alone, mobile Trojan attacks saw a critical rise and new malware variants emerged. We explore these trends below, highlighting key statistics from Kaspersky Security Network that business owners like you should be aware of to be able to protect your mobile devices and data.
Rise in new malware varieties
During the first quarter of 2023, legitimate-seeming mobile photo editors concealed a malicious Trojan that subscribed users to paid services while intercepting notifications, leading to critical financial losses and privacy breaches. Another troubling find was Trojan.AndroidOS.Bithief.f, a program posing as a malicious modification of Skype. It surreptitiously stole cryptocurrency by monitoring clipboard contents, switching recipient wallet addresses, and diverting funds into the hands of hackers.
Kaspersky also discovered a minor increase in new malware varieties from Q4 2022 to Q1 2023. Adware once again assumed the leading position, accounting for 34.8% of these threats, with prominent families like MobiDash, HiddenAd, and Adlo impacting devices.
The period additionally saw an upsurge in mobile Trojans, primarily driven by the detection of Trojan.AndroidOS.Fakemoney.v and Trojan.AndroidOS.Adinstall.l. The former is a fake investment app that aims to harvest user’s payment details, while the latter is a form of adware that downloads and runs code without the user’s consent.
Mobile Trojan attacks
Mobile Trojans are malicious software designed to infiltrate your mobile device, often under the guise of legitimate apps or services. Their behavior is typically inconspicuous, exploiting vulnerabilities in your device to steal sensitive data, including financial information and personal details.
According to Kaspersky, the first quarter of 2023 saw a concerning rise in mobile banking Trojan installers, exceeding 57,000 cases. This surge was accompanied by a notable year-on-year increase in the activity of notorious mobile malware culprits such as Agent.la and Banbra, both of which were absent from the top 10 list in Q4 2022. In terms of the most common banking Trojans for Q1 2023, Bian.h and Faketoken.pac topped the list.
In contrast, mobile ransomware Trojans saw a decline in 2023, possibly due to a shift in profitability for cybercriminals. Nevertheless, the threat remains, with Pigetrl accounting for most of these attacks, followed by Small.as and various Rkor modifications.
The top 3 mobile malware programs of 2023
2023 saw the rise of three notorious mobile malware programs, each posing significant risks to users and businesses alike.
Leading the pack is DangerousObject.Multi.Generic, accounting for a substantial 13.27% of mobile malware occurrences. This classification encompasses a wide range of unrelated malware that cloud technology detects, highlighting the sheer diversity and unpredictability of these threats.
Trojan-Spy.AndroidOS.Agent.acq takes second place, a malicious variant masquerading as WhatsApp. This malware has an 8.60% prevalence rate and secretly monitors user’s notifications.
Finally, Trojan.AndroidOS.Boogr.gsh lands third on the list, a collective verdict for miscellaneous malware that represented an 8.39% share of the mobile malware landscape.
Regional malware trends
This year has witnessed a wide array of regional malware trends, highlighting the global reach and adaptability of these viruses. In Brazil, Banbra malware variants (a type of banking Trojan) performed widespread attacks on users, breaching Accessibility features to interact with and exploit other applications on devices.
Meanwhile, Indonesia dealt with a form of spyware known as SmsThief.td, malicious software disguised as public services, system apps, or marketplaces. In Japan, the Wroba banking Trojans and Bray mobile malware infiltrated devices under the guise of useful applications, such as call blockers.
Users in Turkey, on the other hand, found themselves targeted by a variety of banking Trojans, while Kazakhstan grappled with a GriftHorse subscription Trojan variant. Lastly, Iran faced hidden and stubborn Hiddapp programs and the FakeGram family posed challenges for users, with third-party Telegram clients automatically adding users to channels without consent.
These regional variations are a reminder that mobile security threats are not uniform, requiring tailored defenses and vigilance across the globe.
NetQuest offers a wide range of affordable cybersecurity solutions tailor-made to you and your business. Get in touch with our experts to explore the best ways of securing your data in 2023 and beyond. Schedule a consultation today.
