28.02.2023 | 1 Image

G DATA Mobile Security Report: Attacks on smartphones every minute

Cyber criminals infiltrate mobile phones using familiar methods
This press release has:
Smartphone owners with Android devices are exposed to a high level of cyber risk. The number of attacks is decreasing, but the quality of the attacks is clearly improving. Two new malicious apps per minute threatened Android users last year, and there is no end in sight. Stalkerware also remains a major problem – this is spyware that private individuals use to track victims at every turn.

Press release Plain text

When it comes to Android malware, cyber criminals are currently focusing on quality rather than quantity. The current Mobile Security Report from G DATA CyberDefense shows that the downward trend of the first half of 2022 has continued in the second half of the year. Last year, attackers published only two to three apps containing malware per minute. The year before, the average was five. One reason for this is that, after the outbreak of the war in Ukraine, many attackers continued to focus on larger systems such as universities or companies. Time and again, cyber criminals succeed in infiltrating devices using the Android operating system in ways that have been known for a long time. The attackers gain access to their victims’ mobile devices via phishing or smishing, or disguised as legitimate applications.

“Cyber attacks on smartphones target both private individuals and companies,” says Stefan Decker, Security Researcher in the Mobile Team at G DATA CyberDefense AG. “Although mobile device manufacturers invest a lot in protective measures, the number of malicious apps is cause for concern. Users often lack the awareness and knowledge to recognise potential dangers. They carelessly tap on a link and suddenly their own smartphone is infected.”

Mobile malware “favourites”
The list of the most frequently found Android malware families includes Android.Trojan.SpyMax and Android.Trojan.Boxer. These Trojans have been active since 2019 (SpyMax) and 2016 (Boxer) respectively and have caused a lot of damage. The SpyMax banking Trojan gets onto smartphones via phishing or smishing, i.e. via emails or SMS. Once the malware is installed, it reads information from the device and the installed applications, such as login information for online banking. The Boxer Trojan hides in legitimate applications such as a QR code scanner and gets onto the smartphone during installation. It then silently sends text messages to premium rate numbers or orders paid subscriptions via text - to the financial detriment of the owner.

“Users should not open links directly from an email or text message, but should go directly to the website in the browser,” recommends Stefan Decker. “In addition, users should find out about the app in detail before installing it, check the requested permissions and restrict them if necessary. Last but not least, an up-to-date security solution offers far-reaching protection and exposes malware infections on smartphones.”

Stalkerware - a spy in the smartphone
Stalkerware continues to be a problem, as current figures show. Every month, G DATA analysts discover this abusive spy software on customer devices. Stalkerware is a type of commercial malware that is designed to monitor other people's devices. This type of software is often used in cases where one person wants to exert control over another, for example in the context of a ‘toxic’ relationship. It is often marketed as software for monitoring online activities of children or employees. Basically, the perpetrator can use stalkerware to seamlessly monitor PCs and mobile devices alike. Nothing is safe from access by the spyware - chats, call lists, emails, GPS coordinates or contacts.

“Installing stalkerware on a partner's smartphone violates the basic human rights of those being targeted,” says Stefan Decker. “We see it as our duty to take decisive action against surveillance tools and to protect the victims - usually women - from abusive behaviour. The number of unreported cases is probably significantly higher than the cases we have detected.”

Detecting and dealing with this is problematic, because it requires a sensitive and sophisticated approach compared to removing malware. Removing stalkerware can potentially cause more damage. The perpetrator could be informed by the app of its removal and try to destroy evidence. It is more expedient to warn the potential victims and offer help - with information on how they should deal with the detected infection.

In the long term, the number of attacks on mobile devices will continue to increase because smartphones play a central role in the lives of so many people, not only as a means of communication or a navigation aid, but also for daily payments, two-factor authentication or as digital ID. These functions make smartphones a financially attractive target for cyber criminals.

With holistic cyber defence services, G DATA CyberDefense makes you defensible against cybercrime. The renowned IT security company protects with AI technologies, endpoint protection, security monitoring and offers penetration tests, incident response and awareness training in order to secure companies in the best possible way.

G DATA CyberDefense AG supports its customers in every security situation. From the headquarters in Bochum, more than 550 employees ensure the digital security of companies, critical infrastructures such as hospitals or airports as well as millions of private users. With almost 40 years of expertise in malware analysis, G DATA has become a top player in the cybersecurity world and conducts research and software development exclusively in Germany. This also applies to service and support, which is available around the clock for customers all over the world. G DATA security solutions are available in more than 90 countries and have received numerous awards from independent test institutes.

All contents of this press release as .zip:

Direct download

Release text 4413 Characters

Plain text Copy release text

Images (1)

3 592 x 2 395 © G DATA CyberDefense


(3) Stefan Karpenstein
Stefan Karpenstein
Public Relations Manager

+49 234 9762 - 517