Threat Category: Mobile threats

The most notable mobile threats of 2024, and statistics on Android-specific malware, adware and potentially unwanted software.

Kaspersky experts discover iOS and Android apps infected with the SparkCat crypto stealer in Google Play and the App Store. It steals crypto wallet data using an OCR model.

Kaspersky GReAT experts discovered a new campaign targeting Android devices in Malaysia and Brunei with the Tria stealer to collect data from apps like WhatsApp and Gmail.

The Mamont banking trojan is spreading under the guise of a parcel-tracking app for fake stores claiming to offer goods at wholesale prices.

The Q3 2024 mobile threat statistics encompass data on cyberattacks against Android devices involving malware, adware and potentially unwanted apps.

Kaspersky experts share their insights into cyberthreats that face online shoppers in 2024: phishing, banking trojans, fake shopping apps and Black Friday sales on the dark web data market.

Kaspersky’s GReAT looks back on the 2024 predictions about financial and crimeware threats, and explores potential cybercrime trends for 2025.

Kaspersky experts have discovered a new version of the Necro Trojan, which has attacked tens of thousands of Android devices through Google Play and Spotify and WhatsApp mods.

The report gives statistics on mobile malware and unwanted software for Q2 2024, including mobile banking Trojans and ransomware.

Previously unknown spyware LianSpy targets Android devices by exploiting root privileges to steal data and leveraging Yandex Disk cloud service as C2.

Mandrake spyware threat actors resume attacks with new functionality targeting Android devices while being publicly available on Google Play.

Mobile malware statistics for Q1 2024: most common threats for Android, mobile banking Trojans, and ransomware Trojans.

In this report, we review the most significant malware-related events of Q1 2024: the disclosure of the hardware vulnerability used in Operation Triangulation, a lightweight method to detect iOS malware and DinodasRAT Linux implant.

In this report, we share our insights into the 2023 trends and statistics on financial threats, such as phishing, PC and mobile banking malware.

We review the new mobile Trojan banker SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection.

Reports

Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

Kaspersky researchers analyze 2019, 2022 and 2024 attacks attributed to Careto APT with medium to high confidence.

Mobile threats

Mobile malware evolution in 2024

Take my money: OCR crypto stealers in Google Play and App Store

No need to RSVP: a closer look at the Tria stealer campaign

Download a banker to track your parcel

IT threat evolution in Q3 2024. Mobile statistics

Scammer Black Friday offers: Online shopping threats and dark web sales

Сrimeware and financial cyberthreats in 2025

How the Necro Trojan infiltrated Google Play, again

IT threat evolution in Q2 2024. Mobile statistics

LianSpy: new Android spyware targeting Russian users

Mandrake spyware sneaks onto Google Play again, flying under the radar for two years

IT threat evolution in Q1 2024. Mobile statistics

IT threat evolution Q1 2024

Financial cyberthreats in 2023

SoumniBot: the new Android banker’s unique techniques

Reports

EAGERBEE, with updated and novel components, targets the Middle East

BellaCPP: Discovering a new BellaCiao variant written in C++

Lazarus group evolves its infection chain with old and new malware

Careto is back: what’s new after 10 years of silence?

Subscribe to our weekly e-mails