Banking Trojan Infections Dominated In Q1 2019
Kaspersky Lab, the research arm of Kaspersky, an antivirus vendor has revealed that the first quarter of 2019 saw the double growth of banking trojan cases globally compared to the last quarter of 2018. Cybercriminals have switched their focus on banking trojan after the shutdown of the very popular Coinhive cryptojacking service last March 2019. With the focus towards profit, ransomware infections are slowly declining while operating system mitigations are lessening cryptocurrency malware’s infection vectors.
“In Q1 2019, Kaspersky Lab detected a 58% increase in modifications of banking Trojan families, used in attacks on 312,235 unique users. Banking Trojans grew not only in the number of different samples detected, but their share of the threat landscape increased as well. In Q4 2018, mobile banking Trojans accounted for 1.85% of all mobile malware; in Q1 2019, their share reached 3.24%,” explained Victor Chebyshev, Kaspersky’s Lead of Research Development team.
Banking trojans of 2019 are highly modular, with new features added on-the-fly by their respective authors. Kaspersky detected that for the first quarter of 2019 alone, 29,841 variants of banking trojans were discovered. That is a sizable increase from just 18,501 discovered variants in the 4th quarter of 2018.
“As is customary, first place in the Top 20 for Q1 went to the DangerousObject.Multi.Generic verdict (54.26%), which we use for malware detected using cloud technologies. Cloud technologies are deployed when the antivirus databases lack data for detecting a piece of malware, but the company’s cloud already contains information about the object. This is basically how the latest malicious programs are detected,” added Chebyshev.
Kaspersky is expecting that the mobile platform is the segment that will be mostly hit. This is given because users today tend to perform more computing with their mobile device compared to a full fledged computer.
“The rapid rise of mobile financial malware is a troubling sign, especially since we see how criminals are perfecting their distribution mechanisms. For example, a recent tendency is to hide the banking Trojan in a dropper – the shell that is supposed to fly to the device under the security radar, releasing the malicious part only upon arrival,” concluded Chebyshev.