Kaspersky’s annual analysis of mobile threats shows that the number of attacks on mobile users worldwide declined to 46 million in 2021 from 63 million in 2020.
It is a huge decline, but experts say that the high number of mobile threats in 2020 could have been caused by the wave of attacks at the beginning of lockdown, as users were forced to work from home.
That period also saw increased use of various video conferencing and entertainment apps, increasing the volume and spread of attack opportunities.
Now that the situation has stabilised, cybercriminal activity has declined.
In 2021, 3.5 million malicious installation packages were detected, leading to 46.2 million attacks worldwide.
80% of attacks were carried out by malware rather than adware (software that intrusively displays ads) or RiskTools (malicious programs with various functions such as concealing themselves from the screen).
The number of attacks using banking Trojans, programs designed to steal users’ banking credentials to later exploit them and drain targets’ bank accounts, has kept up momentum. There were 2.367 million attacks in 2021, only 600 thousand fewer than in 2020.
Attackers also actively upgraded their banking Trojans, with Kaspersky detecting more than 95,000 new versions last year.
For example, the Fakecalls banking Trojan is now capable of dropping calls whenever users try to contact the bank, replacing audio recordings with prepared answers from the operator.
This way, users are tricked into thinking that they are talking to a real bank employee or the standard robot answering machine, and they unwittingly share sensitive information with the attackers.
Other malware acts more subtly. The Sova banking Trojan is capable of stealing users’ cookies, thereby gaining access to personal accounts in mobile banking apps, without necessarily knowing login and password information.
In 2021 cybercriminals also went after mobile gaming credentials – these are often sold later on the darknet or used to steal in-game goods from users.
The first mobile Trojan of the Gamethief type stole credentials from the mobile version of PlayerUnknown’s Battlegrounds (PUBG).
These and other findings are featured in Kaspersky’s Mobile Threats in 2021 report.
To protect yourself from mobile threats, Kaspersky shares the following recommendations:
- It is safer to download your apps only from official stores like Apple App Store or Google Play. Apps from these markets are not 100% failsafe, but at least they get checked.
- Check the permissions of apps that you use and think carefully before granting permissions to an app, especially when it comes to high-risk permissions such as Accessibility Services.
- A reliable security solution can help you to detect malicious apps and adware before they start behaving badly on your device.
- iPhone users have some privacy controls provided by Apple, and users can block app access to photos, contacts, and GPS features if they think these permissions are unnecessary.
- A good piece of advice is to update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.