Attention to applications downloaded from Google Play and App Store: Bank data on smartphone have tripled

The number of attacks of banking trojans on smartphones increased by 196%, according to the report “The Mobile Malware Threat Landscape in 2024”.

Bank data thefts on smartphones tripled in 2024. Photo archive

According to the report, cyber criminals change tactics, based on mass malware distribution to steal bank data. Only in the last year, Kaspersky has detected over 33.3 million attacks on global smartphones, involving different types of undesirable malware and software.

The number of attacks with Banking Trojans on Android smartphones increased from 420,000 in 2023 to 1,242,000 in 2024. The malware spread by them is designed to steal users for online banking services, electronic payment services and credit card systems.

Cyber ​​criminals deceive victims to download banking trojans by distributing links by SMS or messaging applications, as well as by documents sent as an attachment. Subsequently, they can send messages using the account of a pirated contact, thus increasing the credibility of fraud. To deceive users, attackers often exploit topical news and popular topics, creating an emergency and mitigating victims' vigilance.

Although the banking Trojans are the type of malware with the fastest growth, they are ranked fourth in terms of the weight of the attacked users, with 6%. The most widespread category remains adware, which affects 57%of the attacked users, followed by general Trojans (25%) and Risktools (12%). The ranking includes malware, adware and unwanted software.

In 2024, cyber criminals launched on average 2.8 million malware, adware and unwanted software on mobile devices every month. During the year, Kaspersky products blocked a total of 33.3 million attacks.

In 2024, Fakemoney, a group of fraudulent applications designed for investments and false payments, was the most active threat. Another major concern was the versions modified by WhatsApp containing the Triad Trojan – a malware capable of downloading and performing additional malware or adware modules, for example, to display commercials or perform other unwanted actions. These unofficial CESApp modules were ranked third as an activity, immediately after a category of generic threats, based on cloud.

How can you protect yourself

To protect you from mobile threats, the specialists made the following recommendations:

• Downloading applications from official stores, such as Apple App Store and Google Play, is not always without risks. Kaspersky recently discovered Sparkcat, the first malware stolen screenshots and passing the security of the App Store. Malware was also found on Google Play, with a total of 20 infected applications on both platforms, which shows that these stores are not 100% safe. To be safe, always check your application reviews and total downloads when possible, use only links on official websites and install reliable security software, such as Kaspersky Premium, which can detect and block malicious activities if an application proves to be fraudulent.

• Check the permissions of the applications you use and think well before granting them, especially in the case of high risk permissions, such as Accessibility Services. For example, the only permission that a flashlight application needs is access to the flashlight (which does not even involve access to the camera).

• A good tip is to update your operating system and important applications as updates become available. Many safety problems can be solved by installing updated software versions.