In one global cybersecurity firm’s user base, cybercriminals shifted away from mobile device attacks toward credential theft and bank accounts.

Good news and bad news. Last year, attacks on mobile devices in a global user base actually declined.

Now the bad news: cybercriminals probably consolidated their efforts to focus on more dangerous (and profitable) threats instead.

According to Kaspersky, more than 95,000 new mobile banking trojans were detected in their user ecosystem last year, but the number of attacks using such malware remained similar. At the same time, the share of trojan malware had doubled over that of the previous year, reaching 8.8%.

The cybersecurity firm’s analysis of mobile threats demonstrated a positive trend: the number of attacks on mobile users worldwide had been declining, hitting 46m in 2021 compared to 63m in 2020. Their experts attribute this development, in part, to the wave of attacks seen at the beginning of lockdown as users got forced to work from home. That period also saw increased use of various video conferencing and entertainment apps, increasing the volume and spread of attack opportunities. Now that the situation has stabilized, cybercriminal activity would have declined as a result.

With the revised focus away from mobile threats, cybercriminals paid more attention to steal account credentials and other personal data to get at the grand prize: high-hanging fruit such as bank accounts and other stored-value funds.

The number of attacks using banking trojans had kept up momentum. There were 2.367m attacks in the firm’s user ecosystem, 2021, only 600k fewer than in 2020. New malware such as the Fakecalls banking trojan was dropping calls whenever users tried to contact the bank, replacing audio recordings with prepared answers from the operator. This way, users were tricked into thinking that they were speaking with a real bank employee or the standard robot answering machine, and unwittingly shared sensitive information with the attackers.

Other malware acted more subtly. The Sova banking trojan stole users’ cookies, thereby gaining access to personal accounts in mobile banking apps, without necessarily knowing login and password information.

Another cyber trend in 2021 saw cybercriminals going after mobile gaming credentials, which were later sold on the Dark Web or used to steal in-game goods from users. The first mobile trojan of the Game thief category stole credentials from the mobile version of PlayerUnknown’s Battlegrounds (PUBG). Real-money purchases are no less popular in mobile games, but the firm’s researchers had never seen an attempt at hijacking an account in any game until 2021.

Summing up a cyber-eventful year

Overall, the firm’s user base saw 3.5m malicious installations, leading to 46.2m attacks worldwide. Moreover, 80% of attacks were carried out by malware rather than adware or ordinary software abused for criminal intentions.

Said Tatyana Shishkova, a security researcher at the firm: “The attacks we are still seeing have become more complex and harder to spot. Cybercriminals tend to mask malicious apps under the guise of legitimate applications, which can often be downloaded from official app stores. On top of that, with mobile banking and payment apps becoming even more widespread, there is a higher chance of cybercriminals targeting these more actively.”