The number of malware attacks may have dropped in 2021 but they have become more sophisticated and evasive. This is one of the findings of cybersecurity solutions firm Kaspersky in its 2021 mobile threats report. In the same report, the company said it found more than 95,000 new mobile banking Trojans.

While Kaspersky saw the trend on the positive side, having monitored fewer attacks on mobile users worldwide dropping from 63 million in 2020 to 46 million in 2021, it advises people to still keep their guards up.

"Cybercriminals tend to mask malicious apps under the guise of legitimate applications, which can often be downloaded from official app stores," said Tatyana Shishkova, security researcher at Kaspersky. "On top of that, with mobile banking and payment apps becoming even more widespread, there is a higher chance of cybercriminals targeting these more actively."

PH ranks 4th in countries most targeted by web threats — Kaspersky

The company discovered that Trojans, malicious programs capable of executing remote commands, doubled in 2021 reaching 8.8%. There were 2.367 million attacks in 2021, only 600,000 fewer than in 2020. But Kaspersky said these are new variants meaning they are evolving becoming more powerful in their attacks.

"For example, the Fakecalls banking Trojan is now capable of dropping calls whenever users try to contact the bank, replacing audio recordings with prepared answers from the operator," the cybersecurity solutions firm said. "This way, users are tricked into thinking that they are talking to a real bank employee or the standard robot answering machine, and they unwittingly share sensitive information with the attackers. Other malware act more subtly."

The Sova banking Trojan is capable of stealing users' cookies, thereby gaining access to personal accounts in mobile banking apps, without necessarily knowing login and password information.

Mobile Gaming

Gaming is another area that cybercriminals found to be lucrative to exploit with the number of mobile gamers increasing every year. The credentials of the gamers found their way to the darknet or used to steal in-game goods from users. The first mobile Trojan of the Gamethief type stole credentials from the mobile version of PlayerUnknown's Battlegrounds (PUBG).

To protect yourself from mobile threats, Kaspersky shares the following recommendations:

  • It is safer to download your apps only from official stores like Apple App Store, Google Play, or Amazon Appstore. Apps from these markets are not 100% failsafe, but at least they get checked by shop representatives and there is some filtration system — not every app can get onto these stores.
  • Check the permissions of apps that you use and think carefully before permitting an app, especially when it comes to high-risk permissions such as Accessibility Services. The only permission that a flashlight app needs is to the flashlight (which doesn't even involve camera access).
  • A reliable security solution can help you to detect malicious apps and adware before they start behaving badly on your device.
  • iPhone users have some privacy controls provided by Apple, and users can block app access to photos, contacts, and GPS features if they think these permissions are unnecessary.
  • A good piece of advice is to update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.