Analysis of 2024 and 2023 customer incident data shows a surge in mobile and crypto-related threats in its protection ecosystem

Based on an analysis of anonymized data on malicious activities detected on the devices of its own customers* for a review of financial cyber threats, a cybersecurity firm has disclosed some findings.

First, the number of customers/users encountering mobile banking trojans had risen by 3.6 times in the 2024 data compared to that of the previous year, with nearly 248,000 current users (outside of the United States^#) affected.

Second, based on the capabilities of the firm’s anti-phishing technologies, there were 10,706,340 user attempts to access cryptocurrency-themed phishing links in 2024: an 83.4% increase from that of the previous year.

Other findings

Third, the customer data analyzed has indicated a shift in PC-focused financial malware. The number of customers/users affected by financial PC malware had decreased from 312,453 in 2023 data to 199,204 in 2024 data*: a 36.25% drop. Also:

• Most^ of the detected PC malware was then targeting crypto assets rather than traditional online banking
• Among mobile banking trojan incidents in the data, the Mamont trojan family was the most active malware, accounting for 36.7% of detected attacks detected.
• 42.6% of financial phishing attempts detected by the firm’s technology involved using banks as the lure
• 33.2% of phishing and scam pages featuring online stores as the lure had featured Amazon in the 2024 data.
• 19.3% of attacks involved using payment systems as the lure, with users mostly encountering the following brands as lures: PayPal (37.5% in 2024 data compared to 54.7% in 2023 data); Mastercard (30.5% vs 16.6% from 2024 and 2023 data respectively); and American Express and Cielo.
• 83.4% was the amount of increase in phishing and scam attacks related to incidents where users tried to follow a cryptocurrency-themed link in 2024 data (compared to 2023 data)

According to Olga Svistunova, Senior Web Content analyst, Kaspersky, the firm that disclosed its internal data analysis: “Looking ahead, we expect financial phishing to become even more personalized and targeted, focusing on exploiting vulnerabilities in everyday digital habits, which will demand increased vigilance and thorough approaches to protection.”

*consensually provided through participation in the firm’s security information network. Note: data gathered for a particular stated year does not necessarily refer to incidents and trends in that year alone, but also those in the previous year

^#This factor has to be considered by readers in evaluating some of the reported findings

^ the term “most” refers to four key malware strains detected. One of them (Grandoreiro at 17.1%) targets both traditional banking and crypto, while other three (ClipBanker [62.9%], CliptoShuffler [9.5%], and BitStealer [1.3%]) primarily target crypto