In Mobile Malware Evolution 2020 report released on Monday, researchers from Kaspersky Labs show that over the past 12 months, incidents of adware nearly tripled.
The researchers saw the number of mobile cyberattacks slightly dip, but they explain this by the effect of the pandemic.
“We saw a decrease in the number of attacks in the first half of the year, which can be attributed to the confusion of the first months of the pandemic,” wrote Victor Chebyshev from Kaspersky Labs, the author of the report. “The attackers had other things to worry about [and] were back at it in the second half.”
Adware was the leading form of attacks, accounting for 57%. Risk tools, unwanted programs that are not malicious on their own but could be used with malicious intent, were the second type of threats with 21%. Trojan droppers and mobile trojans accounted for 4.5% of attacks and SMS-based trojans – for 4% of all attacks on mobile.
All types of threats, except for adware, saw steep declines.
In 2020, adware attacks on mobile devices grew from 22% to 57% of all types of mobile threats compared with 2019.
Cybercriminals used Ewind adware families the most (65% of adware). This was followed by FakeAdBlocker (15%) and HiddenAd (10%).
Researchers explain the success of the Ewind malware by the nearly 2 million downloads of the Ewind.kp Android installer packages available from third-party Android app download sites and often infected by bad actors.
The most popular malware families targeting the Android devices were banking trojans Cebruser, Ghimob, GINP, and Cookiethief.
“The trojan Ghimob was one of 2020’s most exciting discoveries,” according to the Kaspersky report. “It stole credentials for various financial systems including online banking applications and cryptocurrency wallets in Brazil.”
Researchers note that Apple’s iOS that is closed hardware and software ecosystem posed more challenges for cybercriminals, but didn’t deter them completely.
Leading threats to Apple’s devices related to Safari browser’s rendering engine WebKit, Kaspersky said.
Significant growth in financial threats
The researchers found twice the previous year’s amount of installation packages for mobile banking Trojans in 2020, and more than in 2018.
They’ve compiled a long list of banking Trojans representing single-digit infections such as Wroba, Rotexy and Anubis.
The researchers explain the higher interest in financial institutions by the pandemic and the shift to online banking.
“The inability to visit a bank branch forced customers to switch to mobile and online banking, and banks, to consider stepping up the development of those services,” they wrote.