There has been a significant rise in malware designed to steal credentials and money from users’ bank accounts, a new report found.
In the first quarter this year, researchers detected 29,841 different malicious mobile banking Trojans circulating online, up from 18,501 in Q4 2018.
Mobile banking Trojans are one of the most rapidly developing, flexible and dangerous types of malware. They typically steal funds directly from consumers’ bank accounts, but sometimes their purpose is changed to steal other kinds of credentials. The malware looks like a legitimate application, such as a banking app. When a victim tries to reach their actual bank app, the attackers gain access to that, too.
In Q1, Kaspersky Lab detected a 58 percent increase in modifications of banking Trojan families, used in attacks on 312,235 unique users. Banking Trojans grew not only in the number of different samples detected but also in their share of the threat landscape. In Q4 2018, mobile banking Trojans accounted for 1.85 percent of all mobile malware; in Q1 2019, their share reached 3.24 percent.
While users were subjected to a variety of mobile banking malware families, one was particularly active in the first quarter of 2019: A new version of the Asacub malware accounted for 58.4 percent of all banking Trojans that attacked users. Asacub first appeared in 2015, and the attackers subsequently spent two years perfecting its distribution scheme. As a result, the malware peaked in 2018, when it attacked 13,000 users a day. Since then, its distribution rate has slowed, although it remains a powerful threat. In Q1 2019, Kaspersky Lab detected Asacub targeting 8,200 users a day on average.
“The rapid rise of mobile financial malware is a troubling sign, especially since we see how criminals are perfecting their distribution mechanisms,” said Victor Chebyshev, security researcher at Kaspersky Lab. “For example, a recent tendency is to hide the banking Trojan in a dropper – the shell that is supposed to fly to the device under the security radar, releasing the malicious part only upon arrival.”
The full findings are available in Kaspersky Lab’s IT threat evolution report for Q1 2019.