The number of malicious ads tripled in 2020

An analysis of mobile threats in 2020 showed an increase in the popularity of malicious ads, adware, and online banking malware among criminals.

In 2020, hackers began to actively attack financial applications, when the coronavirus infection (COVID-19) pandemic forced local bank branches to close and their customers had to switch to online services. Over the past 12 months, the number of adware use cases has almost tripled.

In their Mobile Malware Evolution 2020 report, experts from Kaspersky Lab spoke about current mobile threats and identified trends in mobile security until 2021.

In 2020, 12 out of 22 types of mobile threats showed an increase in the number of detected installation packages, with adware showing the most significant surge – from 21.81% to 57.26%. The number of packages more than quadrupled – 3,254,387 in 2020 against 764,265 in 2019. AdWare became the leader among the types of mobile threats (57.26%), followed by RiskTool (21.34%), and the third position, as in 2019, was taken by Trojan-Dropper malware (4.51%).

“The vast majority of adware applications detected in 2020 (64.93%) were from the Ewind family. The most common representative of this family is AdWare.AndroidOS.Ewind.kp – over 2.1 million detected packages”, – said the researchers.

According to experts, the main threats to Apple’s mobile devices were downloaded files using the Safari browser’s rendering engine called WebKit. In 2020, TrendMicro experts recorded the use of Apple WebKit exploits for remote code execution in conjunction with Local Privilege Escalation exploits to deliver malware to an iOS device.

The payload was LightSpy, a spyware trojan used to steal personal data from a mobile device, including messaging and browser data, take screenshots, and compile a list of nearest detected Wi-Fi networks. For the distribution of LightSpy, news portals were used, including those related to COVID-19.

“The banking Trojans GINP, Cebruser, Ghimob and Cookiethief are the most common malware for Android users. Ghimob, for example, steals credentials from various financial systems, including Brazilian banking apps and cryptocurrency wallets”, – said the experts.

The malware used Accessibility services not only to steal data from application windows, but also to interact with the operating system. Whenever a user tried to access the Ghimob removal menu, the trojan would immediately open the home screen to protect itself from being removed.

What is more, in 2020, 156,710 installation packages for mobile banking Trojans were detected, which is double the number of the previous year. The main banking Trojans were Agent (72% of all infections), followed by Wroba (5.44%), Rotexy (5.18%), Anubis (2.88%), etc.

As we reported, China officially legalized the “Social Credit System” and you may also be interested in the Published sum of loss from Internet blocking in Belarus in 2020.