Banking data theft attacks on smartphones triple in 2024, Kaspersky reports

Islamabad: According to a Kaspersky report titled “The Mobile Malware Threat Landscape in 2024,” Trojan banker attacks targeting smartphones saw a 196% increase in 2024 compared to the previous year. Cybercriminals are adapting their strategies, increasingly relying on widespread malware distribution to steal banking credentials. In the past year, Kaspersky detected over 33.3 million attacks on smartphone users worldwide, involving various types of malware and unwanted software.

The number of Trojan banker attacks on Android devices grew from 420,000 in 2023 to 1,242,000 in 2024. Trojan banker malware is specifically designed to steal users’ credentials for online banking, e-payment services, and credit card systems. Cybercriminals deceive victims into downloading Trojan bankers by distributing links through SMS, messaging apps, malicious attachments, and directing users to harmful websites. They can even impersonate a compromised contact to make the scam appear more credible. To manipulate users, attackers often capitalize on trending news or popular topics to create a false sense of urgency, lowering the victims’ guard.Pakistan witnesses 18% increase in phishing attempts in 2024 compared to 2023, Kaspersky Reveals

“Scammers have reduced their efforts to create unique malware packages and instead focus on spreading the same files to as many targets as possible. Cyber awareness has never been more critical, and it’s vital to educate those around us—children and seniors alike—because no one is immune to well-crafted scams designed to steal banking information,” said Anton Kivva, a security expert at Kaspersky.

Although Trojan bankers are the fastest-growing type of malware, they represent only 6% of the total attacks, ranking fourth in the overall share of affected users. The most prevalent category remains AdWare, affecting 57% of users, followed by general Trojans (25%) and RiskTools (12%). This ranking includes malware, adware, and unwanted software.

In 2024, cybercriminals launched an average of 2.8 million attacks per month on mobile devices, involving malware, adware, and unwanted software. Throughout the year, Kaspersky products blocked a total of 33.3 million attacks.

Shahzad Shahid, a Policy Advocate and IT and Digital Economy Expert in Pakistan, emphasized that the alarming surge in mobile banking malware attacks necessitates a comprehensive approach to cybersecurity. Public awareness and education should be the first line of defense. The public must be educated on safe digital practices, such as avoiding suspicious links, using multi-factor authentication, and regularly installing security updates. He further stated that the government should take an active role in integrating cybersecurity education into academic curriculums and ensuring stringent regulatory measures for financial institutions and digital service providers.

To safeguard against mobile threats, Kaspersky advises downloading apps from official stores like the Apple App Store and Google Play, though this is not entirely risk-free. Always check app reviews and download counts when possible, only use links from trusted websites, and install reliable security software, such as Kaspersky Premium, to detect and block fraudulent apps.

Learn more about the mobile malware threat landscape in 2024 on Securelist.