The incidence of mobile malware assaults by banking trojans may be overstated, but mutations in attack vectors are growing at an alarming rate, according to a report by Kaspersky Lab and Interpol.
The Mobile Cyber Threats survey shows that malicious programs targeting Android-based devices to steal money were used in 60% of attempted attacks registered by Kaspersky Lab security products between August 2013 and July of this year.
In absolute terms, there were more than 588,000 Android users worldwide who faced financial malware attacks during the reporting period. That is six times greater than the number from the equivalent period 12 months earlier.
Overall, 57.08% of all reported incidents involved premium rate SMS scams. Banking trojans, by contrast, accounted for only 1.98% of attacks.
However, Kaspersky found the number of mobile malware modifications grew sharply - from 423 in August 2013 to 5967 in July 2014 - a 14-fold increase, indicating that cybercriminals are creating multiple variations of their banking malware in attempts to go undetected by antivirus software.
"A successful Trojan-Banker infection can give a fraudster access to all of the victim’s money, while a Trojan-SMS needs to infect dozens or even hundreds of devices to show a worthwhile profit. In addition, not all owners currently use mobile online banking applications. That’s why there is such a difference in the number of trojan-SMS and trojan-banker attacks registered by our products,” says Roman Unuchek, senior virus analyst at Kaspersky Lab.