Mobile threats

Since 2011 Kaspersky has continuously monitored the development of FinSpy and the emergence of new versions in the wild. According to our telemetry, several dozen unique mobile devices have been infected over the past year, with recent activity recorded in Myanmar in June 2019.

Riltok is one of numerous families of mobile banking Trojans with standard (for such malware) functions and distribution methods. Originally intended to target the Russian audience, the banker was later adapted for the European “market.

Many people have had a run-in with subscriptions to mobile content providers. They appear out of the blue, and get discovered only when account funds run dry. We recently discovered several apps in Play Market directly related to such intrusive services.

In Q1 2019, Kaspersky Lab solutions blocked attempts to launch one or more types of malware designed to steal money from bank accounts on the computers of 243,604 users and detected attacks using miners on the computers of 1,197,066 users.

Zebrocy and GreyEnergy, four zero-day vulnerabilities in Windows, attacks on cryptocurrency exchanges, a very old bug in WinRAR, attacks on smart devices and other events of the first quarter of 2019.

If someone steals your phone number, you’ll face a lot of problems, especially because most of our modern two-factor authentication systems are based on SMSs that can be intercepted using this technique.

BasBanke is a banking Trojan built to steal financial data such as credentials and bank card numbers, but not limited to this functionality. The propagation of this threat began during the 2018 Brazilian elections, registering over 10,000 installations to April 2019 from the official Google Play Store alone.

One year has passed since we published the first blogpost about the Roaming Mantis campaign, and this February we detected new activity by the group. Here we follow up on our earlier reporting about the group with updates on their tools and tactics.

Spyware might sound like a concept from a Hollywood movie, yet commercial versions of such programs – known in the cybersecurity industry as ‘stalkerware’ – are a daily reality for many people. For the price of just a few dollars, consumer spyware programs allow users to spy on their current or former partners, and even strangers

The presented report continues the series of Kaspersky Lab reports that provide an overview of how the financial threat landscape has evolved over the years. It covers the common phishing threats that users encounter, along with Windows-based and Android-based financial malware.

Users of mobile devices in 2018 faced what could be the strongest cybercriminal onslaught ever seen. Over the course of the year, we observed both new mobile device infection techniques and a step-up in the use of tried-and-tested distribution schemes (for example, SMS spam).

All too often, both rely on manipulating human psychology as a way of compromising entire systems or individual computers. Increasingly, the devices targeted also include those that we don’t consider to be computers – from children’s toys to security cameras. Here is our annual round-up of major incidents and key trends from 2018

On the back of a surge in Trojan activity, we decided to carry out an in-depth analysis and track the evolution of some other popular malware families besides Asacub. One of the most interesting and active specimens to date was a mobile Trojan from the Rotexy family.

Asking the most intelligent people I know, and basing our scenario on APT attacks because they traditionally show the most innovation when it comes to breaking security, here are our main ‘predictions’ of what might happen in the next few months.

LuckyMouse, mobile Trojan Asacub, BusyGasper, KeyPass ransomware and other notable targeted attacks and malware stories of Q3 2018.