Over 389,000 malicious installation packages were detected, of which 11,729 were related to mobile banking Trojans and 1,990 were mobile ransomware Trojans.
The rapid growth in the total number of attacks between Q2 and Q4 2023 is primarily attributed to the surge in adware and Trojan activity, which roughly doubled in absolute terms during this period.
Ahu, a Trojan hidden inside a WhatsApp mod that steals encrypted messenger databases along with their decryption keys.
The number of detected samples of Android malware and unwanted software fell in Q4 2023 and climbed again in Q1 2024, reaching 389,178 installation packages.
The distribution of detected packages by type underwent no significant changes, but the number of Trojan droppers increased noticeably.
At the same time, the Triada adware Trojan, mentioned in our previous report and distributed in WhatsApp mods, accounts for an increasingly large share of attacks by Trojan-type malware.
Generic yielded the top spot in the ranking of the most common malicious apps to the WhatsApp modification Trojan.
Pre-installed on some devices, this Trojan collects the personal data of the device owner and can download arbitrary apps without the user's knowledge.
Unique users who encountered this Trojan modification in the indicated country as a percentage of all Kaspersky mobile security solution users attacked by the same modification.
Turkey continues to be flooded with banking Trojan variants.
The primary functionality of that Trojan is stealing texts.
Two text-stealing Trojans are active in Indonesia: SmsThief.
Unlike most Trojans, users often intentionally download such apps in order to deceive sellers who accept payment by transfer.
BRats is another banking Trojan that continues to be distributed predominantly in Brazil.
Users in Thailand encountered the EvilInst Trojan, which spreads under the guise of games but in fact just opens a website with cracked games and sends paid texts.
The number of new unique installation packages for banking Trojans remains low.
Number of installation packages for mobile banking Trojans detected by Kaspersky, Q1 2023 - Q1 2024.
Rasket Trojans are built on Tasker automation scripts, which are designed to automate routine actions on a device but have sufficient functionality to write ransomware.
Number of installation packages for mobile ransomware Trojans detected by Kaspersky, Q1 2023 - Q1 2024.
The same dynamic is reflected in the distribution of attacks for the most active samples: after a sharp rise, the share of the Rasket Trojan in Q1 almost halved.
This Cyber News was published on securelist.com. Publication date: Mon, 03 Jun 2024 10:13:05 +0000