Mobile Malware Attacks Decline in 2017: Kaspersky Report

Though overall the number of mobile malware attacks has increased in 2017, there has been a decline in many different types of mobile attacks, says the Kaspersky Annual Mobile Malware Evolution report for 2017, published on March 7.

As per the Kaspersky Lab Mobile Malware Evolution report, there have been 42.7 million attempted mobile malware attacks in 2017. This shows an increase in the overall number of attacks; the figure was 40 million in 2016. At the same time, a number of different types of mobile attacks, including rooting malware and mobile banking Trojans, have shown a declining trend.

Kaspersky Lab senior malware analyst Roman Unuchek writes, elaborating upon the findings of the report– “The number of users attacked by rooting malware in 2017 decreased compared to the previous year. However, this threat is still among the most popular types of malware – almost half the Trojans in our Top 20 rating belong to families that can get root privileges. The decrease in their popularity among cybercriminals was most probably due to a decline in the number of devices running older versions of Android – the malware’s main targets. According to Kaspersky Lab data, the percentage of users with devices running Android 5.0 or older declined from more than 85% in 2016 to 57% in 2017, while the proportion of Android 6.0 (or newer) users more than doubled – 21% in 2016 compared to 50% in 2017 (6% of users updated their devices during 2016, 7% – during 2017). Newer versions of Android don’t yet have common vulnerabilities that allow super-user rights to be gained, which is disrupting the activity of rooting malware.”

Though there has been a decline in the popularity of rooting malware, it doesn’t mean cyber criminals have given them up completely. They still use these malware to flood devices with ads and making users download and install various apps; the only thing is that hackers are not using these malware now to exploit vulnerabilities as much as they did earlier.

The other notable things are the decline of banking malware and the rise in the number of malware attacks on mobile devices. Let’s take a closer look at these:

The banking malware scenario

As per the Kaspersky Lab Mobile Malware Evolution report, there has been a decline as regards mobile banking Trojans, in 2017, compared to 2016. While Kaspersky Lab detected 128,886 installation packages for mobile banking Trojans in 2016, in 2017 the figure went down to 94,368. This could be attributed to the different tools that are there to protect Android devices from banking malware. Roman Unuchek writes- “The latest versions of Android OS include lots of different tools designed to prevent malware from performing malicious actions. However, banking Trojans are constantly looking for ways to bypass these new restrictions, and in 2017 we saw some striking examples of this. In July, we discovered a new Trojan-Banker.AndroidOS.Svpeng.ae modification capable of granting itself the necessary permissions. ” He adds, “In August, we came across yet another representative of the Svpeng mobile malware family that used accessibility services. ”

The Ransomware scenario

Mobile ransomware is showing a rising trend all the world over. According to the Kaspersky Lab Mobile Malware Evolution report, 544,107 mobile ransomware packages were discovered in 2017. The notable factor is that this is double the figure reported the previous year. Roman Unuchek elaborates- “The first half of 2017 was marked by a rapid growth in the number of new installation packages for mobile Trojan ransomware – in just six months we detected 1.6 times more files than in the whole of 2016. However, from June 2017, the statistics returned to normal. Interestingly, the growth was triggered by just one family – Ransom.AndroidOS.Congur. Over 83% of all installation packages for mobile Trojan ransomware detected in 2017 belonged to this family.” He adds- “Throughout the year mobile ransomware remained both simple and effective, with its capabilities and techniques almost unchanged: it overlaid all other windows with its own window, blocking the operation of the device. It should be noted that two popular mobile banking families – Svpeng and Faketoken – acquired modifications capable of encrypting user files, though in general encryptor functionality wasn’t that popular among mobile Trojans.”

The geography of mobile malware threats

The Kaspersky Lab Mobile Malware Evolution report points out that the mobile malware attacks were spread across over 230 countries and territories. The top 10 countries that were attacked by mobile malware in 2017 were Iran, Bangladesh, Indonesia, Algeria, Nigeria, China, Ivory Coast, India, Nepal and Kenya. Iran was in the second position in 2016; in 2017 Iran came to the first position, switching places with Bangladesh. It is also pointed out that in every country that’s featured in the Kaspersky rating, the most popular malicious programs happened to be those monetized primarily through advertising.