Banking malware threats surging as mobile banking increases

Banking malware threats are sharply increasing as cyber criminals target the rising popularity of mobile banking on smartphones, with plots aimed at stealing personal banking credentials and credit card information.

The report, based on data aggregated from network traffic monitored on more than 200 million devices globally where Nokia’s NetGuard Endpoint Security product is deployed, showed an 80%, year-on-year increase in the first half of the year in the number of new banking trojans, which also try to steal SMS messages containing one-time passwords.

“A significant amount of this activity is focused in Europe and Latin America, but this activity is continuously spread to other regions of the world,” according to the report.

“Banking trojans use a variety of tricks to collect the information. These include capturing keystrokes, overlaying bank login screens with their own transparent overlay relaying captured information to the intended target, taking screen snapshots, and even accessing Google Authenticator codes.”

Banking malware has been targeted mainly at Android phones, for years the most targeted mobile device type for cyber criminals due to Android’s ubiquity and developer openness, with some banking trojans among the most successful malware attacks in 2021.

Overall mobile infection rate

The report shows the percentage of infected mobile devices observed monthly since August 2019. This data has been averaged from mobile deployments in Europe, North America, Asia Pacific and the Middle East.

In H2 2020 and H1 2021, an average of 0.12% of devices were infected each month. This is down from the peak of 0.23% in the previous year.

This peak was driven by COVID-19 lockdowns, which led to more cyber security incidents in February and March of 2020. Efforts to educate users on how to protect themselves against threats had a dramatic impact, with a noticeable decline in attacks in the following months.

A few minor spikes were observed in July, September and December 2020, which can be attributed to ongoing phishing campaigns.

This is business as usual for cyber criminals, who continue to use phishing campaigns to take advantage of people seeking information about vaccines as well as online shoppers during the December holiday season.

The Threat Intelligence Report

Most banking applications allow users to add a multi-factor authentication feature to their accounts to make it more difficult for cybercriminals to obtain personal information.

Users are strongly recommended to avoid mobile banking from easily accessible public WiFi access points; and to use both multi-factor authentication when available and strong passwords, which avoid common personal details like birthdays.

The report also found that Covid-19 related malware incidents in residential networks have leveled off at 2.5% after a peak in December 2020 of 3.2%. This demonstrates that people are more aware of the threats posed by Covid-related cyber-attacks and are taking steps to secure their home working environment.

IoT botnets, a network of devices connected with malware, continue to grow in size and sophistication, due to the rising use of IoT devices, like “smart” refrigerators and video surveillance cameras.

One known as Mozi, which uses a peer-to-peer command and control protocol, has been used to create botnets consisting of around 500,000 individual devices. Mozi actively scans the network and uses a suite of known vulnerabilities to exploit additional IoT devices. IoT botnets are responsible for 32% of the malware incidents detected.

Infections by device

The report provides a breakdown of infections by device type in 2021.

Among smartphones, Android devices remain the most targeted by malware due to the open environment and availability of third-party app stores. Android devices make up 50.31% of all infected devices, followed by Windows devices, which account for 23.1% of all observed infections.

A notable increase was seen this year in the macOS (formerly OSX) space, driven by an increase in Mac-based adware, particularly in the ADLOAD family of adware. For more information, see the Mac malware section.

“Cybersecurity threats only evolve and look for new opportunities, as shown by this year’s report,” comments Kevin McNamee, Director of Nokia’s Threat Intelligence Center.

“Banking trojans have dramatically increased over the last year as digital banking becomes more prevalent – and this is a trend we see continuing into the future which reinforces the need for better online practices and having robust endpoint security in place.”