The Number of Financial Attacks Against Android Users Tripled in 2014

 Email This Post

WOBURN, MA – March 5, 2015 — /BackupReview.info/ — Kaspersky Lab has released results from its ‘Financial Cyberthreats in 2014’ study that found that the number of financial malware attacks against Android users tripled in 2014. Following an initial decrease in March 2014, Kaspersky Lab researchers registered a significant increase in the number of attacks by Trojan-SMS malware during the second half of the year.

Key statistics from the study include:

• 48.15% of the attacks against users of Android-based devices, that were blocked by Kaspersky Lab products, used malware targeting financial data (Trojan-SMS and Trojan-Banker);
• The number of financial attacks against Android users in 2014 increased 3.25 times (up from 711,993 to 2,317,194 attacks) compared with 2013, and the number of users attacked rose 3.64 times (up from 212,890 to 775,887);
• 98.02% of all attacks by Android banking malware were accounted for by only three malicious families.

Android is one of the most popular mobile operating systems in the world, attracting the attention of cybercriminals targeting users’ private information and money. During 2014, Kaspersky Lab’s Android products blocked a total of 2,317,194 financial attacks against 775,887 users around the world. The lion’s share of these attacks (2,217,979 attacks against 750,327 users) used Trojan-SMS malware, and the rest (99,215 attacks against 59,200 users) used Trojan-Banker malware.

Although the Trojan-Banker contribution to the overall volume of financial attacks against Android users is relatively small, it continues to grow. During the year, Kaspersky Lab products detected 20 different malicious Trojan-Banker programs. But there were only three-star performers among them: Faketoken, Svpeng and Marcher. Svpeng and Marcher are capable of stealing credentials for online banking as well as credit card information by replacing the authentication fields of mobile banking apps and app stores apps on an infected device. Faketoken is made for intercepting mTAN codes used in multifactor authentication systems and forwarding it to criminals. These three families accounted for 98.02% of all Trojan-Banker attacks.

Trojan-SMS comeback
In the spring of 2014, Kaspersky Lab researchers noticed a significant decrease in the number of attacks by Trojan-SMS malware. One possible reason for this fall was the introduction by mobile-phone operators in Russia (the main source of Trojan-SMS threat) of an Advice of Charge (AoC) mechanism. This means that every time a customer (or an SMS Trojan) attempts to send a message to a premium number, the operator notifies the customer how much the service will cost and requests additional confirmation from the user.

The decrease ended in July and was followed by a steady increase throughout the rest of the year. The growth sped up in December, which is traditionally a “high” season for online shopping and online payment transactions, driving an increase in criminals targeting financial data.

“During the year, our cumulative Android user base grew significantly, which led to a rise in the number of financial malware detections and affected users. However, the overall growth rate of attacks with financial malware was faster and greater than could be explained by the increased number of Android devices alone. This growth rate is mainly down to Trojan-SMS. We believe that the main reason of the Trojan-SMS comeback is the appearance of malware capable of infection and theft even with AoC implemented in the cellular network. For example, we discovered such functionality in Opfake.a and Fakeinst malware modifications. Both are very active Trojan-SMS representatives,” said Roman Unuchek, Senior Malware Analyst at Kaspersky Lab.

Kaspersky Lab has many years of highly respected experience in combating mobile cyberthreats. This experience underpins Kaspersky Lab’s security solutions. For example, a mobile software developer kit is included in the Kaspersky Fraud Prevention platform that enables banks to protect their customers from online financial fraud. This allows banks to create mobile banking applications that are resilient to cyberthreats. Kaspersky Lab’s solutions for home users, such as Kaspersky Internet Security – Multi-Device and Kaspersky Total Security, also include security applications for the most popular mobile platforms.

The full text of the ‘Financial Cyberthreats in 2014’ study can be found on Securelist.com

About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users^*. Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 400 million users worldwide. Learn more at www.kaspersky.com.

*The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2013. The rating was published in the IDC report Worldwide Endpoint Security 2014–2018 Forecast and 2013 Vendor Shares (IDC #250210, August 2014). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2013.

For the latest in-depth information on security threat issues and trends, please visit:

Securelist | Information about Viruses, Hackers and Spam – www.securelist.com/en/
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News – www.threatpost.com/
Follow @Threatpost on Twitter

Media Contact
Stephen Russell
781.503.1833
stephen.russell@kaspersky.com
www.kaspersky.com

Source: Kaspersky

Tags: Kaspersky, Kaspersky Lab