Financial threats

In 2019, Kaspersky mobile products and technologies detected 3,503,952 malicious installation packages, 69,777 new mobile banking Trojans and 68,362 new mobile ransomware Trojans.

We discovered what appears to be one of AZORult’s most unusual campaigns: abusing the ProtonVPN service and dropping malware via fake ProtonVPN installers for Windows.

To attack macOS users, the Lazarus group has developed homemade macOS malware, and added an authentication mechanism to deliver the next stage payload very carefully, as well as loading the next-stage payload without touching the disk.

During the year, Kaspersky solutions repelled 975 491 360 attacks launched from online resources located all over the world and 273 782 113 unique URLs were recognized as malicious by web antivirus components.

Based on publicly available statistics and announcements monitored by Kaspersky experts, 2019 has seen at least 174 municipal organizations targeted by ransomware.

Short overview of year’s key events, analysis of forecasts for 2019 and our predictions about cyberthreats to financial institutions in 2020

Kaspersky solutions blocked 989,432,403 attacks launched from online resources in 203 countries across the globe; 560,025,316 unique URLs were recognized as malicious by Web Anti-Virus components.

Now one can say that only the lazy did not use Hqwar: Kaspersky’s collection of viruses features over 200,000 Trojans packed using Hqwar.

Nowadays, cybercriminals have a thousand and one ways of creating and spreading ransomware. However, those fighting ransomware are not standing still either. In fact, we have two pieces of good news to share with you.

When we first discovered ATMDtrack, we thought we were just looking at another ATM malware family. Now we can add another family to the Lazarus group’s arsenal: ATMDtrack and Dtrack.

Kaspersky solutions blocked 717,057,912 attacks launched from online resources in 203 countries across the globe, 217,843,293 unique URLs triggered Web Anti-Virus components.

In the first half of 2019, more than 430,000 unique users were attacked by financial threats – seven percent more than during the same period in 2018. The number of financial attacks was 10,493,792 – 93% more than in the first half of 2018.

In spring 2019, we discovered a new ATM malware sample written in Java that was uploaded to a multiscanner service from Mexico and later from Colombia. After a brief analysis, it became clear that the malware, which we call ATMJaDi, can cash out ATMs.

Riltok is one of numerous families of mobile banking Trojans with standard (for such malware) functions and distribution methods. Originally intended to target the Russian audience, the banker was later adapted for the European “market.

In Q1 2019, Kaspersky Lab solutions blocked attempts to launch one or more types of malware designed to steal money from bank accounts on the computers of 243,604 users and detected attacks using miners on the computers of 1,197,066 users.