According to Kaspersky’s latest mobile malware report, the number of mobile malware attacks decreased significantly in 2021, but attacks were more sophisticated.
In 2021, the cybersecurity firm’s systems identified approximately 3.5 million malicious installation packages on mobile devices, down from 5.7 million the year before. However, it’s worth noting that the figure for 2021 is nearly identical to that for 2019.
The majority of these infection attempts were made against users in Asian countries, with Iran, China, and Saudi Arabia accounting for the biggest percentages of attacks.
Surprisingly, the bulk of the Kaspersky-blocked packages contained adware or other potentially unwanted software.
Banking trojans, which made up fewer than 3% of all attacks (97,000 malicious installation packages), largely targeted consumers in wealthier nations like Japan, Spain, Turkey, France, Australia, Germany, Norway, Italy, Croatia, and Austria.
In the case of mobile ransomware, the number of attempted infections fell from over 20,000 in 2020 to 17,000 in 2021. These assaults primarily targeted Asian users.
While the number of attacks appears to have declined, Kaspersky warns that malware capabilities and attack channels are becoming more sophisticated.
Malicious code was sometimes installed into popular mobile apps via advertising SDKs (e.g. Triada trojan). In many situations, cybercriminals have been able to distribute malware and fake apps through Google Play and other official app stores.
“Banking Trojans gained new powers in 2021,” according to Kaspersky. “The Fakecalls banker, which primarily targets Korean users, makes outgoing calls to the victim’s bank and then plays pre-recorded operator responses saved in the Trojan’s body.”
“The Sova banker steals cookies, allowing attackers to gain access to the user’s current session and personal mobile banking account without knowing the login credentials,” the report continued. The Vultur backdoor records the smartphone screen using VNC (Virtual Network Computing); when the user launches an app that attackers are interested in, they can observe the on-screen events.”
The most well-known mobile “virus” is the NSO Group’s Pegasus spyware, which uses what Google calls the “most technically advanced exploit ever seen.”