Until recently, mobile malware was relatively rare. Today, the focus has shifted from computers to mobile phones. And the fact is that researchers have found nearly 100,000 new variants of mobile banking Trojans in just one year, as reported by Charlie Osborne from the technology website zdnet.
As our digital lives have begun to focus more on mobile phones than desktop computers, many malware developers have focused part of their targets on creating mobile threats.
The countries most affected by mobile banking Trojans are Japan, Spain, Turkey, France, Australia, Germany, Norway, Italy, Croatia and Austria.
According to Kaspersky, the Russian IT security company, it has been found that after a sharp increase in the number of attacks detected in 2020, the types of banking Trojans have reportedly started a certain downward trend.
Cybersecurity researchers added that this downward trend in mobile attacks in general is true, but this is paralleled by attacks becoming more sophisticated both in terms of malware functionality and vectors.
Many traditional infection routes remain viable, including phishing or downloading and running suspicious software, but it is also apparent that cybercriminals are infiltrating official app stores to lure mobile phone owners into downloading software that appears to be trustworthy.
This technique is often associated with the distribution of remote access Trojans (RATs). Although Google maintains security barriers to prevent malicious applications from being hosted among its applications, there are methods that circumvent these controls.
In 2021, for example, Malwarebytes found an app on Google Play disguised as a useful barcode scanner with more than 10 million active installs. Although the application was sent out as legitimate software, an update was issued after it accumulated a large user base that turned the application into a form of aggressive adware.
The same tactic can be used to turn seemingly benign applications into banking Trojans designed to steal financial data and account credentials from online services. In the mobile world, theft can occur by redirecting users to phishing pages or by performing overlay attacks, in which a window covers the screen of a banking application. Trojans can also quietly register their victims on premium phone services.
The banking Trojans responsible for the most detected attacks during 2021 were Trojan-Banker.AndroidOS.Agent, Trojan-Banker.AndroidOS.Anubis and Trojan-Banker.AndroidOS.Svpeng.