Asacub mobile banking Trojan remains a powerful financial threat

Woburn, MA – May 23, 2019 — / — Kaspersky Lab researchers have uncovered a significant rise in malware designed to steal credentials and money from users’ bank accounts. In Q1 2019, company researchers detected 29,841 different malicious mobile banking Trojans circulating online, up from 18,501 in Q4 2018.

Mobile banking Trojans are one of the most rapidly developing, flexible and dangerous types of malware. They typically steal funds directly from consumers’ bank accounts, but sometimes their purpose is changed to steal other kinds of credentials. The malware looks like a legitimate application, such as a banking app. When a victim tries to reach their actual bank app, the attackers gain access to that, too.

In Q1 2019, Kaspersky Lab detected a 58% increase in modifications of banking Trojan families, used in attacks on 312,235 unique users. Banking Trojans grew not only in the number of different samples detected, but their share of the threat landscape increased as well. In Q4 2018, mobile banking Trojans accounted for 1.85% of all mobile malware; in Q1 2019, their share reached 3.24%.

While users were subjected to a variety of mobile banking malware families, one was particularly active in the first quarter of 2019: a new version of the Asacub malware accounted for 58.4% of all banking Trojans that attacked users. Asacub first appeared in 2015, and the attackers subsequently spent two years perfecting its distribution scheme. As a result, the malware peaked in 2018, when it attacked 13,000 users a day. Since then, its distribution rate has slowed, although it remains a powerful threat. In Q1 2019, Kaspersky Lab detected Asacub targeting 8,200 users a day on average.

“The rapid rise of mobile financial malware is a troubling sign, especially since we see how criminals are perfecting their distribution mechanisms,” said Victor Chebyshev, security researcher at Kaspersky Lab. “For example, a recent tendency is to hide the banking Trojan in a dropper – the shell that is supposed to fly to the device under the security radar, releasing the malicious part only upon arrival.”

Other online threat statistics from Kaspersky Lab’s report include:

  • Kaspersky Lab solutions detected and repelled 947,027,517 malicious attacks from online resources located in 203 countries around the world.
  • Web antivirus components recognized 246,695,333 unique URLs as malicious.
  • Attempted infections by PC malware that aims to steal money via online access to bank accounts were registered on 305,315 user computers.
  • Kaspersky Lab’s file antivirus detected a total of 239,177,356 unique malicious and potentially unwanted objects.

To reduce the risk of infection by a banking Trojan, Kaspersky Lab advises the following:

  • Install applications only from trusted sources, and ideally, only from the official app store.
  • Check permissions requested by any app that you download. If they do not correspond with the app’s task (e.g. a reader asks to access your messages and calls), this can be a sign of a suspicious app.
  • Use a robust security solution on your mobile device to protect you from malicious software and its actions, such as Kaspersky Internet Security for Android.

Read the full version of the Kaspersky Lab’s IT threat evolution report for Q1 2019 on Securelist —

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 21 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at

Media Contact
Meghan Rimol

Source: Kaspersky Lab




Tags: ,