{"id":30334,"date":"2022-03-26T01:05:26","date_gmt":"2022-03-25T14:05:26","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/mobile-malware-2021\/30334\/"},"modified":"2022-03-26T01:05:36","modified_gmt":"2022-03-25T14:05:36","slug":"mobile-malware-2021","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/mobile-malware-2021\/30334\/","title":{"rendered":"Mobile threats: who targeted smartphones in 2021"},"content":{"rendered":"

We continuously monitor the mobile threat landscape to keep you informed of the most important trends. Not long back, we published a report<\/a> about the threats facing smartphone and tablet owners in 2021. First the good news: a major takeaway is that last year we saw a significant decrease in mobile threat activity compared to 2020. However, with that said \u2014 it\u2019s too early to relax. For one thing, the number of attacks on smartphones and tablets fell only relative to the record high of 2020, and remained at around the same level as in 2019. For another, cybercriminals are becoming increasingly inventive.<\/p>\n

Adware attacks<\/h2>\n

One of the trends in 2021 was the introduction of malicious code in third-party ads modules, which developers of various useful apps often plug in to monetize their work. For example, last spring cybercriminals used a malicious advertisement SDK to infect<\/a> APKPure, a popular alternative Android app store. Fortunately, its developers took security seriously, and released a clean version a day after we got in touch with them.<\/p>\n

A similar story happened<\/a> with the popular WhatsApp mod FMWhatsApp: one of the versions of the app harbored the Triada Trojan<\/a> inside an advertisement SDK. This Trojan is infamous for being very difficult to remove from an infected device. Moreover, Triada rarely comes alone and tends to download a bunch of other malicious apps onto the victim\u2019s device.<\/p>\n\n

Malware on Google Play<\/h2>\n

We\u2019ve already written more than once that malware can sneak into official app stores<\/a>. To pass all checks and get to through to users, cybercriminals employ all sorts of tricks, such as loading malicious code into an approved program in the guise of an update. In 2021, loaders for various Trojans were found in apps on Google Play, which included the Joker and Facestealer malware. Joker stealthily takes out paid subscriptions for the user, while Facestealer, as the name suggests, specializes in stealing Facebook credentials.<\/p>\n

In most cases, to spread their creations via Google Play, cybercriminals add tiny injections of malicious code to an otherwise harmless apps that have been already approved by the store. For example, the authors of the Joker Trojan took advantage of the popularity of the Korean TV series Squid Game<\/em> to hide the malware in an app that offered themed wallpapers. When Joker was discovered, there were more than 200 apps dedicated to the series on Google Play, and many of them borrowed features from each other. Unsurprisingly, when scanning such programs, the store moderators let a malicious \u201cupgrade\u201d sneak past. Small injections of malicious code are hard to detect during moderation, which cybercriminals constantly try to exploit.<\/p>\n

\"One<\/a>

One of the apps in Google Play that contained Joker Trojan<\/p><\/div>\n

Bankers \u2014 creative theft<\/h2>\n

For several years now, banking Trojans have been hunting, not just for bank accounts but also for accounts in online stores and other digital services. In 2021, their area of interest widened even further: our experts discovered the Gamethief<\/a> malware, which steals login data for the mobile version of the game PlayerUnknown\u2019s Battlegrounds<\/em> (PUBG). This is the first mobile<\/em> Trojan that specializes in stealing gaming accounts \u2014 just a few years ago, this type of malware was exclusive to desktop computers.<\/p>\n

Cybercriminals also improved the functionality of their creations. For example, the Fakecalls banking Trojan is capable of dropping the call if the user tries to contact their bank, and replacing it with a pre-recorded response of a fake bank representative. That way, the malware lulls the victim into thinking that a bank employee answered the call.<\/p>\n

How to protect your smartphone from malware<\/h2>\n

Cybercriminals are resourceful and take every opportunity to prey on mobile device users. So, regardless of their activity level, it pays to be alert.<\/p>\n