G DATA Mobile Security Report: Attacks on smartphones every minute

When it comes to Android malware, cyber criminals are currently focusing on quality rather than quantity. The current Mobile Security Report from G DATA CyberDefense shows that the downward trend of the first half of 2022 has continued in the second half of the year. Last year, attackers published only two to three apps containing malware per minute. The year before, the average was five. One reason for this is that, after the outbreak of the war in Ukraine, many attackers continued to focus on larger systems such as universities or companies. Time and again, cyber criminals succeed in infiltrating devices using the Android operating system in ways that have been known for a long time. The attackers gain access to their victims’ mobile devices via phishing or smishing, or disguised as legitimate applications.

“Cyber attacks on smartphones target both private individuals and companies,” says Stefan Decker, Security Researcher in the Mobile Team at G DATA CyberDefense AG. “Although mobile device manufacturers invest a lot in protective measures, the number of malicious apps is cause for concern. Users often lack the awareness and knowledge to recognise potential dangers. They carelessly tap on a link and suddenly their own smartphone is infected.”

Mobile malware “favourites”
The list of the most frequently found Android malware families includes Android.Trojan.SpyMax and Android.Trojan.Boxer. These Trojans have been active since 2019 (SpyMax) and 2016 (Boxer) respectively and have caused a lot of damage. The SpyMax banking Trojan gets onto smartphones via phishing or smishing, i.e. via emails or SMS. Once the malware is installed, it reads information from the device and the installed applications, such as login information for online banking. The Boxer Trojan hides in legitimate applications such as a QR code scanner and gets onto the smartphone during installation. It then silently sends text messages to premium rate numbers or orders paid subscriptions via text - to the financial detriment of the owner.

“Users should not open links directly from an email or text message, but should go directly to the website in the browser,” recommends Stefan Decker. “In addition, users should find out about the app in detail before installing it, check the requested permissions and restrict them if necessary. Last but not least, an up-to-date security solution offers far-reaching protection and exposes malware infections on smartphones.”

Stalkerware - a spy in the smartphone
Stalkerware continues to be a problem, as current figures show. Every month, G DATA analysts discover this abusive spy software on customer devices. Stalkerware is a type of commercial malware that is designed to monitor other people's devices. This type of software is often used in cases where one person wants to exert control over another, for example in the context of a ‘toxic’ relationship. It is often marketed as software for monitoring online activities of children or employees. Basically, the perpetrator can use stalkerware to seamlessly monitor PCs and mobile devices alike. Nothing is safe from access by the spyware - chats, call lists, emails, GPS coordinates or contacts.

“Installing stalkerware on a partner's smartphone violates the basic human rights of those being targeted,” says Stefan Decker. “We see it as our duty to take decisive action against surveillance tools and to protect the victims - usually women - from abusive behaviour. The number of unreported cases is probably significantly higher than the cases we have detected.”

Detecting and dealing with this is problematic, because it requires a sensitive and sophisticated approach compared to removing malware. Removing stalkerware can potentially cause more damage. The perpetrator could be informed by the app of its removal and try to destroy evidence. It is more expedient to warn the potential victims and offer help - with information on how they should deal with the detected infection.

In the long term, the number of attacks on mobile devices will continue to increase because smartphones play a central role in the lives of so many people, not only as a means of communication or a navigation aid, but also for daily payments, two-factor authentication or as digital ID. These functions make smartphones a financially attractive target for cyber criminals.