There was a drastic increase in mobile threats in the Q2 2020 as compared to Q1: Report
In Q2 2020, Kaspersky detected 1,245,894 malicious installers, an increase of 93,232 over the previous quarter.
A recent report released by Kaspersky on the malware threats in Q2 revealed a drastic increase in the number of mobile malware threats detected and blocked by anti-malware solutions (like Kaspersky) in the second quarter of the year as compared to Q1 2020.
At least 93,232 more threats detected from the period of April to July 2020.
The report states that adware topped the list with 48%, a decrease of one percentage point from the previous quarter. Of all the adwares, the Ewind adware family (60.53% of all adware detected) was most common in Q2, followed by the FakeAdBlocker family with 13.14% and Inoco with 10.17%. RiskTool-type potentially unwanted software ranked second among all detected threat classes.
SMS trojans held third place among all detected threats with 7.59%. Agent (33.74%), Fakeinst (26.80%) and Opfake (26.33%) were the largest of the detected families of SMS trojans. All the three families were more common with Russian users, which is typical of the entire SMS trojan threat class.
The top three countries with the largest share of users attacked by mobile malware remained unchanged in Q2. Iran topped this list with a 43.62% followed by Algeria with a 21.97% and then Bangladesh with a 19.30%, India ranked sixth on the list with 13.54%
Another notable feature spotted on the report was the decrease of mobile banking trojans. During the reporting period, Kaspersky detected 38,951 mobile banking trojan installer packages, 3,164 fewer than what was reported in Q1 2020. Kaspersky also detected 3,805 installation packages for mobile trojan ransomware in Q2 2020, which is 534 fewer than last quarter.
The number of mobile banking and ransomware trojans have decreased from the last quarter to this one mainly because it is harder to extort cash from users than to steal the bank account data right away. At the same time, the device needs to be previously infected in either case, so with the costs being equal, cybercriminals will choose the path of least resistance, i.e. theft.
Also, a ransomware trojan is a threat the user will likely want to fight to get the device back to a functional state. If he/she fights, the user is likely to win too, even if it is factory-resetting the device. Cybercriminals, on their end, will try to keep their malware undetected on the device as long as possible, which runs counter to the whole idea of mobile ransomware.
Stalkerware too saw a decrease in Q2 2020. Many of the countries where stalkerware is popular went on lockdown or had to impose self-isolation, which resulted in stalkerware users finding themselves locked up for long periods of time with those they probably wanted to spy on.
One can assume that this led to a reduction in the number of mobile devices on which stalkerware was detected on.
Russia had the largest number of users whose devices were found to contain stalkerware in Q2 2020. It was followed closely by Brazil and, India came third, having half of Russia’s number of users that had encountered stalkerware.
You can read the whole report here.