The research by Kaspersky Lab «Financial Cyberthreats in 2014 » reports that the number of financial attacks with malware against Android users increased by 3,25 times 2014. After an initial decrease in March of 2014, Kaspersky Lab researchers have seen a significant increase in the number of attacks through malware Trojan-SMS in the second half of the year.
- 48,15% of attacks against Android users, blocked by Kaspersky Lab's products, used malicious software to target financial data (Trojan-SMS and Trojan-Banker).
- The number of financial attacks against users Android 2014 increased by 3,25 times compared to 2013 (from 711.993 to 2.317.194 attacks), while the number of attacked users increased 3,64 times (from 212.890 to 775.887).
- 98,02% of all attacks with Android banking malware corresponded to just three malicious software "families".
Android is one of the most popular mobile operating systems in the world. As a result, it attracts digital criminals who target personal information and users' money. Within 2014, Kaspersky Lab products for Android devices have prevented 2.317.194 financial attacks against 775.887 users globally. Most of these (2.217.979 attacks against 750.327 users) used malicious Trojan-SMS software, while the rest (99.215 attacks against 59.200 users) used Trojan-Banker malware.
Despite the fact that Trojan-Banker's contribution to the overall volume of financial attacks against Android users is relatively small, it continues to grow. During the year, Kaspersky Lab's products identified 20 as different malicious Trojan-Banker programs. Among them, there were only three main "protagonists": Faketoken, Svpeng and Marcher. Svpeng and Marcher are capable of stealing login details into electronic bank accounts and credit card details by replacing mobile bank account and app stores in an "infected" device. Faketoken has been designed to intercept mTANs, which are used in multi-factor authentication systems, by promoting them to criminals. These three "families" accounted for 98,02% of all Trojan-Banker attacks.
The return of Trojan-SMS
In the spring of 2014, Kaspersky Lab researchers noted a significant reduction in the number of Trojan-SMS malware attacks. One possible reason for this reduction was the introduction of the Advice of Charge service from mobile operators in Russia (the main source of the Trojan-SMS threat). This means that whenever a customer (or Trojan-SMS) attempts to send a message to a special charge number, the provider notifies the customer how much the service will cost and asks for additional user confirmation.
The downward trend stopped in July and was followed by a steady increase for the rest of the year. The increase accelerated in December, which is traditionally a month with particularly high online traffic markets and online transactions, with criminals targeting financial data.
"During 2014, our cumulative database with users Android has increased considerably, which has also led to an increase in the number of malware and malicious software detected. However, the overall rate of growth of attacks with financial malware was faster and greater than could only be explained by an increase in the number of devices Android. This growth rate is mainly due to Trojan-SMS. We believe that the main reason for their return Trojan-SMS is the appearance of malware capable of both "infection" and theft, even when the "Billing Information" service is applied to network mobile phone. For example, we discovered such functionality in malicious modifications of malicious programs Opfake.a and Fakeinst. Both are very active representatives of them Trojan-SMS» said Roman Unuchek, Kaspersky Lab's Senior Malware Analyst.
Kaspersky Lab has many years of highly respected experience in combating digital threats against mobile devices. This experience forms the basis of Kaspersky Lab's security solutions. For example, the Kaspersky Fraud Prevention platform includes a Software Developer Kit for mobile software, which allows banks to protect their customers from online financial fraud. This allows banks to create mobile banking applications that will be resilient against digital threats. Kaspersky Lab solutions for home users, such as Kaspersky Internet Security – Multi-Device and Kaspersky Total Security – Multi-Device, also include security applications for the most popular mobile platforms.
The full text of the "Financial cyberthreats in 2014" survey is available at Securelist.com.
