Surge in Mobile Banking Malware Infections: 248,000 Users Targeted Through Sophisticated Social Engineering

In 2024, the cybersecurity landscape witnessed a significant escalation in mobile banking malware incidents, with approximately 248,000 users falling victim to these malicious attacks. This figure represents a 3.6-fold increase from the 69,000 cases reported in 2023, highlighting a growing trend of cybercriminals exploiting mobile platforms for financial gain.

The latter half of 2024 saw a pronounced spike in these infections, underscoring the urgency for enhanced security measures and user awareness. Cybercriminals have refined their tactics, employing advanced social engineering techniques to deceive users into downloading and installing harmful applications.

Dominant Malware Families

Among the various malware strains identified, the Mamont family emerged as the most prevalent, accounting for 36.7% of all mobile banking malware attacks. First detected in late 2023, Mamont primarily targets users in Russia and the Commonwealth of Independent States (CIS) through intricate social engineering schemes. Other notable malware variants include Agent.rj, responsible for 11.14% of attacks, and UdangaSteal.b, contributing to 3.17%.

Social Engineering Tactics

These banking trojans utilize a range of deceptive strategies to lure users into installing malicious software. Tactics range from simple messages like “Is that you in the picture?” sent via social media platforms to more elaborate schemes involving counterfeit online stores and fake delivery tracking applications. Once installed, these trojans can steal login credentials, intercept authentication codes, and execute unauthorized financial transactions.

Geographical Impact

Geographically, Turkey has been the most affected, with 5.68% of Kaspersky mobile security users encountering financial threats—a 2.7 percentage point increase from the previous year. Other significantly impacted countries include Indonesia (2.71%), India (2.42%), and Azerbaijan (0.88%), illustrating the global reach of these malicious campaigns.

Infection Mechanisms

The infection process typically begins with social engineering tactics designed to trick users into installing seemingly legitimate applications. In the case of Mamont, the malware is distributed through bogus app stores or direct downloads from phishing sites.

When victims install these applications, the malware requests extensive permissions including SMS access, notification access, and accessibility services—capabilities that allow it to intercept authentication codes and overlay legitimate banking apps with phishing screens.
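The permission combination described above can be checked on the defender side before an app is allowed onto a device. This added example (not from the original article) scans a decoded AndroidManifest.xml for SMS, notification-listener and accessibility-service declarations; the sample manifests, package names and triage thresholds are constructed assumptions.

```python
import xml.etree.ElementTree as ET
A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Capabilities named in the article, mapped to Android permission strings.
SMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
BIND = {
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification access",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
}

# Constructed sample manifests (decoded text XML), not taken from real apps.
SAMPLE_SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.parceltracker">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Notif"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
    <service android:name=".Acc"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""


def risky_capabilities(manifest_xml):
    """Return the set of article-named capabilities a manifest declares."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for perm in root.iter("uses-permission"):
        if perm.get(A + "name") in SMS:
            found.add("SMS access")
    # Notification listeners and accessibility services appear as <service>
    # elements guarded by a BIND_* permission, not as <uses-permission>.
    for svc in root.iter("service"):
        if svc.get(A + "permission") in BIND:
            found.add(BIND[svc.get(A + "permission")])
    return found


def triage(manifest_xml):
    """Assumed policy: SMS plus either service is 'high'; any one is 'review'."""
    caps = risky_capabilities(manifest_xml)
    if "SMS access" in caps and len(caps) >= 2:
        return "high"
    return "review" if caps else "ok"
```

Legitimate apps such as SMS clients and screen readers also declare these permissions, so the result is a prompt for review, not a verdict.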

The malware’s SMS-handling logic relies on a simple but effective approach, summarized here as pseudocode:

```
receive_sms {
    if (message contains "verification" || "code" || "OTP") {
        forward_to_command_server(message);
        hide_message_from_user();
    }
}
```

Protective Measures

To safeguard against these threats, experts recommend the following measures:

– Download Apps from Official Sources: Obtain applications exclusively from reputable app stores to minimize the risk of downloading malicious software.

– Scrutinize Permissions: Carefully review the permissions requested by apps, especially those seeking access to sensitive information or device functionalities.

– Utilize Reliable Security Solutions: Install and maintain up-to-date security software capable of detecting and blocking malicious activities.

– Implement Multi-Factor Authentication (MFA): Enhance account security by enabling MFA, adding an extra layer of protection against unauthorized access.

By adopting these practices, users can significantly reduce their vulnerability to mobile banking malware and protect their financial information from cybercriminals.