In 2024, as digital financial transactions continued to expand worldwide, cybercriminals shifted their focus toward mobile devices and crypto assets. According to Kaspersky’s new Financial Cyberthreats report, the number of users encountering mobile banking Trojans rose by 3.6 times compared to 2023, while crypto‑related phishing detections climbed by 83.4%. Meanwhile, PC‑focused malware saw a decline in traditional banking attacks but a surge in crypto‑asset theft. This data comes from Kaspersky’s new Financial Cyberthreats report for 2024.
Financial phishing
In 2024, online fraudsters continued to lure users to phishing and scam pages that mimicked the websites of popular brands and financial organizations.
Banks were the most popular lure in 2024, accounting for 42.6% of financial phishing attempts (compared to 38.5% in 2023).
Amazon Online Shopping was mimicked by 33.2% of all phishing and scam pages targeting online store users in 2024, making it the most popular online brand target for fraudsters. Apple’s share of attacks dropped nearly 3 p.p. on last year’s figure to 15.7%, while Netflix scams grew slightly to 16%. Meanwhile, fraudsters' interest in the Alibaba marketplace increased, its share going up from 3.2% in 2023 to 8% in 2024.
Payment systems were mimicked in 19.3% of financial phishing attacks detected and blocked by Kaspersky products in 2024 (19.9% in 2023). Once again PayPal was the most targeted brand, however, the ratio of attacks related to it fell from 54.7% to 37.5%. Attacks targeting Mastercard, on the contrary, nearly doubled from 16.6% in 2023 to 30.5% in 2024. American Express and Cielo are the new entrants into the top five replacing Visa, Interac and PayPay.
In 2024, the number of phishing and scam attacks related to cryptocurrencies saw a whopping increase. Kaspersky antiphishing technologies prevented 10,706,340 attempts to follow a cryptocurrency-themed phishing link, an 83.4% increase over the 2023 figure of 5,838,499. As cryptocurrency popularity continues to grow, the number of attacks is only ever going to get larger.
Financial malware for PCs
While the number of users who encountered mobile banking malware increased, the share of those who were affected by financial PC malware decreased from 312,453 in 2023 to 199,204 in 2024. Currently most financial PC malware that Kaspersky detects is targeting not online banking, but crypto assets. The banking Trojans that were most often detected in 2024 included ClipBanker (62.9%), Grandoreiro (17.1%), CliptoShuffler (9.5%) and BitStealer (1.3%). Grandoreiro is a full-fledged banking Trojan that targeted 1,700 banks and 276 crypto wallets in 45 countries and territories around the globe in 2024.
Among the top 20 countries by the share of users affected by financial malware for PCs were Turkmenistan (8.8%), Tajikistan (6.2%), Kazakhstan (2.5%), Switzerland (2.3%), Kyrgyzstan (2.2%), Mexico (1.6%), Argentina (1.1%), Paraguay (1.1%) and Uruguay (1%).
Mobile financial threats
In 2024, the number of users who encountered mobile banking Trojans grew 3.6 times compared to 2023: from 69,200 to 247,949, with malicious activity significantly increasing in the second half of 2024. The most active Trojan-Banker family in 2024 was Mamont (36.7%). Its distribution schemes ranged from simple scams to complex social engineering plots with fake stores and delivery tracking apps.
Türkiye remained the country most targeted by mobile banking malware. The share of users encountering financial threats there grew by almost 3 p.p. and reached 5.7%. Malicious activity also increased in Indonesia (2.7% of all users per country affected), India (2.4%), Azerbaijan (0.9%), Uzbekistan (0.6%) and Malaysia (0.3%).
“In 2024, financial phishing and scams increased in numbers and reached a new level of sophistication, unleashing waves of attacks on users. Fraudsters are increasingly leveraging fake brands and services to get user data, and the popularity of smartphones for financial transactions only fuels their appetite. Looking ahead, we expect financial phishing to become even more personalized and targeted, focusing on exploiting vulnerabilities in everyday digital habits, which will demand increased vigilance and thorough approaches to protection,” comments Olga Svistunova, senior web content analyst at Kaspersky.
Read more in the post on Securelist.com.
Kaspersky recommends the following tips to stay protected.
For individual users:
- Use multifactor authentication, strong unique passwords.
- Do not follow links from suspicious messages and double-check web pages before entering your credentials or banking card details.
- Use reliable security solutions capable of detecting and stopping both malware and phishing attacks.
- Download apps only form trusted sources, such as official app marketplaces. However, it’s not always risk-free either. Kaspersky recently discovered SparkCat, the first screenshot-stealing malware to bypass the App Store's security. The malware was also found on Google Play, with a total of 20 infected apps across both platforms, proving that these stores are not 100% foolproof. Always check app reviews.
- Check the permissions of apps that you use and think carefully before permitting an app, especially when it comes to high-risk permissions such as Accessibility Services.
For businesses:
- Update your software in a timely manner. Pay particular attention to security patches.
- Improve your employees’ security awareness on a regular basis and encourage safe practices, such as proper account protection.
- Implement robust monitoring and cybersecurity solutions.
- Implement strict security policies for users with access to financial assets, such as default deny policies and network segmentation.
- Use threat intelligence services from trusted sources to stay aware of the latest threats and cybercrime trends.
