CIOREVIEW >> Security >>

Kaspersky Lab Warns Android Users against the Rising Incidents of Cyber Attacks

By CIOReview | Tuesday, March 10, 2015

WOBURN, MA: Android, an increasingly popular mobile operating system is being targeted for valuable financial and private information details by cybercriminals finds a study by Kaspersky Lab. The result of its study titled ‘Financial Cyberthreats in 2014’ tries to identify the frequency of financial malware attacks against Android users.

According to the study, the malware incidents tripled in 2014, especially there was a significant increase in the number of attacks by Trojan-SMS malware during the second half of the year.

“We believe that the main reason of the Trojan-SMS comeback is the appearance of malware capable of infection and theft even with AoC implemented in the cellular network. For example, we discovered such functionality in Opfake.a and Fakeinst malware modifications. Both are very active Trojan-SMS representatives,” explains Roman Unuchek, Senior Malware Analyst at Kaspersky Lab.

In the year 2014 alone, Kaspersky Lab’s Android products blocked a total of 2,317,194 financial attacks against 775,887 users around the world. Majority of these attacks used Trojan-SMS malware, and a small portion used Trojan-Banker malware. Significant findings from the study include: 

  • 48.15 percent of the attacks against users of Android-based devices, that were blocked by Kaspersky Lab products, used malware targeting financial data (Trojan-SMS and Trojan-Banker);
  • The number of financial attacks against Android users in 2014 increased 3.25 times (up from 711,993 to 2,317,194 attacks) compared with 2013, and the number of users attacked rose 3.64 times (up from 212,890 to 775,887);
  • 98.02 percent of all attacks by Android banking malware were accounted for by only three malicious families.

The study also warns that though the Trojan banker attacks may be less now but it is dangerously on the growth track and need to be controlled with immediate effect. The study also notes the initial decrease in the incidents of malware attacks which later increased towards the second half of the year, which is traditionally a “high” season for online shopping and online payment transactions, driving an increase in criminals targeting financial data.

“During the year, our cumulative Android user base grew significantly, which led to a rise in the number of financial malware detections and affected users. This growth rate is mainly down to Trojan-SMS,” continues Unuchek.

Over the period of study, the Lab products detected 20 different malicious Trojan-Banker programs. The three-star performers detected among them include: Faketoken, Svpeng and Marcher. Svpeng and Marcher are capable of stealing credentials for online banking as well as credit card information by replacing the authentication fields of mobile banking apps and app stores apps on an infected device. Faketoken, on the other hand is made for intercepting mTAN codes used in multifactor authentication systems and forwarding it to criminals. These three malwares are the ones responsible for 98.02 percent of all the Trojan-Banker attacks.