Nothing to be complacent about: one firm’s data shows that mobile malware attacks have been getting more sophisticated than ever.

Globally, the numbers of cyber incidents involving mobile malware in a cybersecurity firm’s protection ecosystem have been falling gradually from a peak of 6.49m in October 2020 to a low of 2.23m in December 2021.

However, despite a decrease in the number of attacks, users should not be letting their guard down— considering that attacks are becoming more sophisticated in terms of both malware functionality and vectors, according to Kaspersky, the firm sharing details of this trend.

Users of the firm’s solutions in South-east Asian nations, primarily those in Indonesia, Malaysia, the Philippines, Thailand, Vietnam and Singapore, have collectively seen a decrease in mobile malware attacks from 605,192 in 2020 to 598,588 in 2021, representing a 1.1%.

Globally in 2021, the firm’s customers saw repeat incidents of malicious code injection into popular apps through ad SDKs, as in the sensational case of CamScanner (malicious code inside ad libraries in the official APKPure client) as well as in a modified WhatsApp build.

Google Play: a malware landmine?

Kaspersky’s users have continued to encounter malware in apps on Google Play in 2021. Some notable incidents were the Joker trojan, which signs victims up to paid subscriptions, and the Facestealer trojan, which steals credentials from Facebook accounts; and various banking trojan loaders.

Besides apps with actual malicious functionality, there have also been various scamming campaigns on Google Play: for example, ones that imitated services offering fake welfare payments in exchange for personal data and fees.

The top three countries in the firm’s user base leaderboard were:

  1. Iran, which has topped the charts by share of infections for the fifth consecutive year: 40.2% of Kaspersky users there had encountered mobile threats. As in the previous year, this was largely due to the active distribution of adware from the AdWare.AndroidOS.Notifyer family.
  2. China users ranked second (28.9%), in encountering ‘potentially unwanted apps’ from the RiskTool.AndroidOS.Wapron family. Members of this malware family target victims’ mobile accounts, in particular by sending chargeable text messages on behalf of the victim as payment for supposedly viewing porn.
  3. Saudi Arabia users ranked third (28%), mostly encountering adware from the AdWare.AndroidOS.HiddenAd family.

Said the firm’s General Manager (South-east Asia), Yeo Siang Tiong: “We have to note that as we embrace digital payment apps more, we unconsciously put more of our hard-earned money in our devices which usually remain vulnerable to simple malware attacks. There is a gap between awareness and action here in South-east Asia so I urge digital payment providers and regulators to (encourage users) to protect their mobile devices too.”