Kaspersky has released its annual Financial Threats Report for 2023, offering a detailed analysis of the evolving financial cyberthreat landscape. The report reveals significant increases in mobile banking malware and cryptocurrency-related phishing, signaling growing threats to digital financial assets.
The previous 12 months has witnessed a substantial rise in the number of users encountering mobile banking Trojans, with attacks on Android users surging by 32 percent – contrary to 2022. The most prevalent banking trojan was Bian.h, accounting for 22 percent of all Android attacks. Geographically, Afghanistan, Turkmenistan, and Tajikistan recorded the highest share of users encountering banking Trojans, with Turkey leading mobile banking malware attacks, with almost three percent of users affected (2.98%).
While the number of users affected by financial PC malware saw an 11 percent decline in 2023, Ramnit and Zbot were identified as the predominant malware families, targeting more than 50 percent of affected users. Consumers continued to be the primary target, comprising 61.2 percent of all attacks.
In 2023, financial phishing remained a significant threat, accounting for 27.32 percent of all phishing attacks on corporate users and 30.68 percent on home users. E-shop brands were identified as the top lure, with 41.65 percent of financial phishing attempts. Additionally, PayPal phishing represented 54.78 percent of phishing pages targeting electronic payment system users. The report also highlighted a 16 percent year-on-year growth in cryptocurrency phishing, with 5.84 million detections in 2023 compared to 5.04 million in 2022.
E-shop phishing was identified as the most prevalent, recording 41.65 percent of all financial phishing pages. Amazon emerged as the most mimicked online store, accounting for 34 percent of phishing attempts, followed by Apple at 18.66 percent and Netflix at 14.71 percent. PayPal was the most targeted payment system, with 54.73 percent of attacks.
Cryptocurrency-related phishing and scams continued to grow, with Kaspersky preventing 5,838,499 attempts to follow cryptocurrency-themed phishing links – a 16 percent increase on 2022. Scammers mimicked cryptocurrency exchanges and offered coins in the name of large enterprises like Apple.
“Money has always been a magnet for
cybercriminals, and a substantial portion of malware attacks are financially
motivated. The surge in mobile malware witnessed last year highlights a
concerning trend in cybercrime. With the emergence of new and aggressive
malware strains, attackers are evolving their tactics to target mobile devices
more aggressively. This underscores the imperative for individuals and
businesses to maintain heightened vigilance, update protective measures, and
fortify device security accordingly,” commented Igor Golovin, a security
expert at Kaspersky.
To learn more about the state of financial threats in 2023, visit Securelist.com.
To stay safe from mobile malware, Kaspersky recommends:
- It’s safer to download your apps only from official stores like Google Play or Amazon Appstore. Apps from these markets are not 100 percent failsafe, but they get checked by shop representatives and there is some filtration system — not every app can get into these stores.
- Check the permissions of the apps that you use and think carefully before permitting an app, especially when it comes to high risk permissions such as permission to use Accessibility Services.
- A reliable security solution can help you to detect malicious apps and adware regardless of their obfuscation techniques before they can start behaving badly on your device.
· A good piece of advice is to update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software