The number of cyberattacks targeting banking data on smartphones grew significantly in 2024, with a 196% increase compared to the previous year, according to a report by cybersecurity company Kaspersky.
Kaspersky recorded more than 33.3 million attacks on smartphone users worldwide, with cybercriminals using malware and unwanted software to steal banking credentials. The number of Trojan banker attacks on Android smartphones rose from 420,000 in 2023 to 1,242,000 in 2024. These types of malware are designed to steal login details for online banking, payment services, and credit card systems.
“Scammers have started to scale down their efforts to create unique malware packages, focusing instead on distributing the same files to as many victims as possible,” Anton Kivva, a security expert at Kaspersky, said in a media release.
Cybercriminals use various tricks to distribute these malicious programs, including links sent via SMS and messaging apps, attachments in chat applications, and fake websites. Some even hijack hacked accounts to send messages, making scams appear more credible. Attackers also take advantage of trending news and popular topics to lure victims.
Mobile threats
Despite the rapid rise in Trojan banker cases, they only accounted for 6% of all mobile threats in 2024. Adware remained the most common type, affecting 57% of attacked users, followed by general Trojans at 25% and RiskTools at 12%.
On average, cybercriminals launched 2.8 million malware, adware, and unwanted software attacks on mobile devices each month in 2024. Among the most active threats was Fakemoney, a group of scam apps that promised fake investment returns and payouts. Another growing concern was unofficial versions of WhatsApp modified to contain Triada-type Trojans, which can install additional malware or adware. These WhatsApp mods ranked as the third most active threat, just behind general cloud-based threats.
“It is more important than ever to be cyber-literate and educate your loved ones – from children to the elderly – because no one is completely safe from well-crafted scams and psychological tricks designed to steal banking data,” Kivva said.