It’s not great news for mobile device users. Overall, attacks on mobile devices nearly doubled, from 66.4 million in 2017 to 116.5 million by the end of 2018. Even more disturbing is the huge jump in banking malware attacks involving Android mobile users–up almost 300% since 2017. This jump alone involved 1.8 million Android mobile banking users attacked last year. While cybersecurity experts struggle to figure out how the tragic increases in attacks occurred, a look behind the alarming surge in mobile device banking attacks is helpful.
While the financial industry continues to be one of the top-targeted industries worldwide, a report by Kaspersky Lab shows those who do their banking transactions on Android mobile devices are being hardest hit. The most popular malware culprits behind the attacks are: #1 Trojan Droppers designed to bypass detection; #2 Bank account attacks via mobile devices; #3 Apps hackers use to cause damage; #4 Adware apps. With mobile bank account attacks at #2, it’s no surprise the stats continue to grow. The report finds it’s possible to take over, or hijack, a legitimate application and force it to launch a banking app in order to make a money transfer right on the victim’s device; often without the user even knowing what happened. Not at all reassuring.
Worldwide, financial malware attacks on Android users are most common in the U.S., South Africa, and Russia. Only three banking malware families were responsible for 85% of all banking hacks–Asacub, Agent and Svpeng. Although these names may not mean much to users, what these malware families do to online financial accounts are all too commonplace. Stealing banking credentials, logins, passwords, credit card numbers, and of course, money, are all par for the course. With the global jump in cryptocurrency users, bitcoin wallet attacks are also gaining traction with hackers. Email phishing and malware enabled a $750,000 attack on the Electrum cryptocurrency wallet. As attacks on all financial industries continue to rise, so does the need to be hyper-aware of financial accounts and those mobile devices used for transactions.
The best way to avoid these is to always be on the lookout for phishing email and text attempts. If a link or attachment isn’t expected, it could be dangerous. In addition, always download apps from the official stores for the related devices.
Of course, always remember that if hackers want what you have, they eventually figure out how to get it. That said, we all have the power and responsibility to educate ourselves to mitigate that risk as much as possible.