Researchers warn of rise of malicious banking trojans

Researchers called the trend a "troubling sign"

The number of malicious mobile banker packages on the web increased by 58 per cent in the first quarter of 2019.

That's according to Kaspersky's most recent IT threat evolution report, which reveals that more than 300,000 users have been attacked.

In particular, researchers have noticed a rise in malware that steals credentials and money from people's bank accounts. They identified 29,841 cases of such malware.

'Mobile banking Trojans are one of the most rapidly developing, flexible and dangerous types of malware,' explained Kaspersky in a media announcement.

'They usually steal funds directly from mobile users' bank accounts, but sometimes their purpose is changed to steal other kinds of credentials.

'The malware generally looks like a legitimate app, such as a banking application. When a victim tries to reach their genuine bank app, the attackers gain access to that too.'

At the start of the year, Kaspersky said it detected around 30,000 malicious banking Trojans affecting 312,235 unique users.

What is particularly concerning is that it wasn't only the number of different samples detected that grew, but also their share of the threat landscape.

In Q4 2018, mobile banking Trojans represented 1.85 per cent of all mobile malware. In Q1 2019, this grew to 3.24 per cent.

Although security firms have found an array of different Trojans in the wild, the most active during this period was a new version of the Asacub malware. It accounted for 58.4 per cent of dangerous banking trojans.

Kaspersky said: 'Asacub first appeared in 2015. The attackers spent two years perfecting its distribution scheme and, as a result, the malware peaked in 2018, when it attacked 13,000 users a day.

'Since then, its rate of spreading has closed down, although it remains a powerful threat: in Q1 2019, Kaspersky Lab detected Asacub targeting on average 8,200 users a day.'

Other online threat statistics from the Q1, 2019 report include:

• Kaspersky Lab solutions detected and repelled 947,027,517 malicious attacks from online resources located in 203 countries around the world.
• 246,695,333 unique URLs were recognised as malicious by web antivirus components.
• Attempted infections by PC-malware that aims to steal money via online access to bank accounts were registered on 305,315 user computers.
• Kaspersky Lab's file antivirus detected a total of 239,177,356 unique malicious and potentially unwanted objects.

Kaspersky security researcher Victor Chebyshev believes the rapid rise of mobile financial malware is a troubling sign, especially since criminals are perfecting their distribution mechanisms.

He said: "A recent tendency is to hide the banking Trojan in a dropper - the shell that is supposed to fly to the device under the security radar, releasing the malicious part only upon arrival."