Banking malware: 3.6 times more attacks on mobile users

Cybercriminals have adapted their methods in 2024 and are increasingly targeting mobile devices and the cryptocurrency sector.

According to the latest Kaspersky Financial Threats Report, the number of users affected by banking malware on mobile devices has risen dramatically – by 3.6 times compared to the previous year. At the same time, the number of phishing attempts in the cryptocurrency sector grew by 83 percent. Attackers often used well-known brands such as Amazon, Apple and Netflix as a cover for fraudulent phishing pages.

Financial phishing: banks, e-commerce and streaming services targeted

A large proportion of phishing attacks targeted financial institutions and well-known online services. 42.6 percent of financial-related phishing attempts were carried out under the guise of banks. However, shopping portals, streaming providers and payment services were also increasingly imitated:

• Amazon was the most frequently abused online shopping portal with 33 percent.
• Netflix was imitated on 16 percent of phishing pages.
• Apple was the target of 15.7 percent of the attacks.
• Alibaba recorded an increase in phishing attempts from 3 to 8 percent.
• PayPal remained the most frequently imitated payment system, even though its share fell from 55 to 38 percent.
• Mastercard-related phishing attacks almost doubled from 17 to 31 percent.

Phishing attempts in connection with cryptocurrencies reached a new record high in 2024. Kaspersky technologies blocked a total of 10,706,340 such attempts – an increase of 83 percent compared to the previous year. Given the growing popularity of digital currencies, this threat is likely to continue to grow.

While attacks on PCs declined, cybercriminals recorded a sharp increase in mobile devices. The number of users affected by banking Trojans grew from 69,200 in 2023 to 247,949 in 2024 – a 3.6-fold increase. The Mamont Trojan family was particularly active (37%), often spread via fake online stores and manipulated delivery tracking apps.

In terms of geographical distribution, Turkey was once again the most affected country, accounting for 5.7% of all infected devices. Other countries affected were Indonesia (2.7%), India (2.4%) and Azerbaijan (0.9%).

Decline in financial malware on PCs

On computers, on the other hand, the number of affected users fell from 312,453 in 2023 to 199,204 in 2024. The focus shifted from traditional online banking to compromising crypto assets. The most common Trojans included ClipBanker (63 percent), Grandoreiro (17 percent), CliptoShuffler (10 percent) and BitStealer (1.3 percent). Countries such as Turkmenistan (8.8 percent), Tajikistan (6.2 percent) and Kazakhstan (2.5 percent) were particularly badly affected.

“Phishing campaigns and scams around financial topics have not only increased in 2024, but have also reached a new level of sophistication. Attackers are using brands and services as bait to gain access to sensitive user data,” explains Olga Svistunova, Senior Web Content Analyst at Kaspersky.

The increasing use of mobile devices for financial transactions further increases the risk. Experts warn that financial phishing will become even more targeted and personalized in the future – which makes comprehensive protective measures all the more necessary.