Breaking News



Those statistics are consistent with detection verdicts of Kaspersky merchandise gained from customers who consented to offer statistical knowledge.

Quarterly figures

In step with Kaspersky Coverage Group, in Q3 2021:

  • 9,599,519 malware, spyware and adware and spyware and adware and spyware and adware and spyware and adware and riskware assaults on cellular units have been avoided.
  • The biggest percentage of all detected cellular threats accrued to RiskTool apps — 65.84%.
  • 676,190 malicious organize methods have been detected, of which:
    • 12,097 methods have been associated with cellular banking Trojans;
    • 6,157 methods have been cellular ransomware Trojans.

Quarterly highlights

The attackers turn into somewhat so much a lot much less vigorous from the former quarter — the collection of cellular assaults dropped to 9.6 million. We’ve got got noticed no new mass campaigns on the lookout for to distribute any explicit cellular malware circle of relatives; nor have been there any newsworthy occasions very similar to what we had early into the COVID-19 pandemic.

Collection of assaults bearing in mind customers of Kaspersky cellular answers, Q3 2020 — Q3 2021 (obtain)

Then again Q3 offered us somewhat a couple of eye-catching finds on the equivalent time. Thus, one of the vital essential changed WhatsApp builds, FMWhatsApp 16.80.0, contained the Trojan Triada along side an promoting SDK. The recognition of WhatsApp builds with prolonged capability has secured this Trojan the 5th position in our malware ranking.

In Q3, new Trojan households emerged, disbursed by way of Google Play. To these we already knew — Trojan.AndroidOS.Jocker and Trojan.AndroidOS.MobOk (signing the shopper as much as paid subscriptions) and Trojan-Dropper.AndroidOS.Necro (downloading payload from the assault server) — two additional have been added. The primary one accommodates rip-off apps of Trojan.AndroidOS.Fakeapp selection exploiting the theme of social bills to persuade cash out of the shopper; the second is the fast rising circle of relatives Trojan-PSW.AndroidOS.Facestealer stealing Fb account knowledge.

Cellular banking Trojans have been progressing, too. For example, a curious trick used to be as soon as hired by way of the circle of relatives Trojan-Banker.AndroidOS.Fakecalls vigorous in Korea: if the shopper tries to name the financial established order, the malware disconnects the true establish and performs prerecorded operator’s responses saved throughout the Trojan’s frame.

Cellular risk statistics

In Q3 2021, Kaspersky detected 676,190 malicious organize methods — 209,915 not up to throughout the earlier quarter and 445,128 not up to in Q3 2020.

Collection of detected malicious organize methods, Q3 2020 — Q3 2021 (obtain)

Distribution of detected cellular malware by way of sort

Distribution of newly detected cellular malware by way of sort, Q2 and Q3 2021 (obtain)

Two thirds of all threats detected in Q3 2021 got proper right here from RiskTool apps (65.84%), their percentage up by way of 27.37 p.p. Nearly all of detected apps of this type (91.02%) belonged to the circle of relatives SMSreg.

Spyware got proper right here in 2d with 21.51% — 12.58 p.p. down from the former quarter. The malicious items we maximum endlessly encountered got proper right here from the households AdWare.AndroidOS.FakeAdBlocker (34.29% of all detected threats throughout the class), AdWare.AndroidOS.HiddenAd (30.66%) and AdWare.AndroidOS.MobiDash (8.81%).

More than a few Trojans are in 3rd position (2.79%), their percentage down by way of 13.69 p.p. The worst offenders have been from the households Boogr (48.88%), Piom (11.04%) and Hiddad (7.52%).

Highest 20 cellular malware tactics

Remember the fact that the malware scores underneath exclude riskware and more than likely undesirable instrument, associated with RiskTool or spyware and adware and spyware and adware and spyware and adware and spyware and adware.

Verdict %*
1DangerousObject.Multi.Generic33.02
2Trojan-SMS.AndroidOS.Agent.ado6.87
3Trojan.AndroidOS.Whatreg.b4.41
4Trojan.AndroidOS.Triada.dq3.85
5Trojan.AndroidOS.Triada.ef3.71
6Trojan.AndroidOS.Hiddad.gx3.70
7DangerousObject.AndroidOS.GenericML3.68
8Trojan.AndroidOS.Agent.vz3.63
9Trojan-Downloader.AndroidOS.Necro.d3.56
10Trojan-Dropper.AndroidOS.Hqwar.bk3.43
11Trojan-SMS.AndroidOS.Fakeapp.b3.35
12Trojan.AndroidOS.MobOk.advert3.13
13Trojan.AndroidOS.Triada.el2.76
14Trojan-Downloader.AndroidOS.Agent.kx2.21
15Trojan-Dropper.AndroidOS.Hqwar.gen1.74
16Trojan-Downloader.AndroidOS.Gapac.e1.71
17Trojan-Dropper.AndroidOS.Agent.rp1.66
18Exploit.AndroidOS.Lotoor.be1.66
19Trojan.AndroidOS.Fakeapp.dn1.64
20Trojan-SMS.AndroidOS.Prizmes.a1.53

* Distinctive customers attacked by way of this malware as a proportion of all attacked customers of Kaspersky cellular answers.

The primary ten threats from the Highest 20 in Q3 are the ones already featured in our scores previous.

First position as same old went to DangerousObject.Multi.Generic (33.02%), the decision we use for malware detected with cloud era. This era comes into play on each example the antivirus databases lack knowledge for detecting a work of malware, alternatively the corporate’s cloud already incorporates details about the thing. That is necessarily how the newest malware types are detected.

The Trojan-SMS.AndroidOS.Agent.ado malware — sender of textual content messages to brief premium-rate numbers — has climbed from 3rd to 2d position (6.87%).

3rd position used to be as soon as taken by way of Trojan.AndroidOS.Whatreg.b (4.41%) permitting attackers to make use of the sufferer’s telephone quantity to sign up new WhatsApp accounts managed by way of them alone.

The Triada circle of relatives Trojans are fourth, 5th and 13th in our ranking. They obtain and execute different malware at the inflamed software. Triada’s sufferers endlessly be afflicted by the abovementioned Trojan.AndroidOS.Whatreg.b, together with Trojan-Downloader.AndroidOS.Necro.d (ninth, 3.56%), Trojan-Downloader.AndroidOS.Gapac.e (sixteenth, 1.71%) and Trojan-Dropper.AndroidOS.Agent.rp (seventeenth, 1.66%), all of which in all probability belong to the equivalent promoting and advertising advertising marketing campaign.

Trojan.AndroidOS.Hiddad.gx (3.70%), a supply of frustrating commercials, rose to 6th place.

7th position used to be as soon as taken by way of DangerousObject.AndroidOS.GenericML (3.68%). Those verdicts are assigned to recordsdata known as malicious by way of our machine-learning strategies.

The malware Trojan.AndroidOS.Agent.vz (3.63%) — in a similar fashion to Triada, a hyperlink throughout the an an an infection chain of somewhat numerous Trojans — dropped into 8th.

10th and 15th puts have been taken by way of family members Trojan-Dropper.AndroidOS.Hqwar — a dropper used to unpack and execute somewhat numerous banking Trojans at the serve as software.

The newcomer Trojan-SMS.AndroidOS.Fakeapp.b got proper right here 11th (3.35%). This cellular malware can textual content and phone preset numbers, display commercials, and hide its icon. Maximum customers attacked by way of the Trojan are from Russia.

Trojan.AndroidOS.MobOk.advert (3.13%) that indicators customers as much as paid products and services and merchandise dropped into 12th.

The spyware and adware and spyware and adware and spyware and adware and spyware and adware downloader Trojan-Downloader.AndroidOS.Agent.kx (2.21%) rose to fourteenth.

Exploit.AndroidOS.Lotoor.be (1.66%), an exploit used for raising privileges at the software to superuser degree, got proper right here eighteenth. Other people of this circle of relatives endlessly come bundled with different same old malware like Triada and Necro.

Trojan.AndroidOS.Fakeapp.dn (1.64%), another new arrival, takes the 19th position. This is a rip-off app exploiting the theme of social bills: it opens faux pages prompting customers to offer their non-public knowledge and pay a value to obtain cash.

The Highest 20 is rounded out by way of Trojan-SMS.AndroidOS.Prizmes.a (1.53%), which is preinstalled on some Android units underneath the guise of Sound Recorder. The Trojan texts preset numbers reporting the occasions happening at the software (e.g., smartphone energy on).

Geography of cellular threats

Map of an an an infection makes an attempt by way of cellular malware, Q3 2021 (obtain)

Highest 10 world places by way of percentage of shoppers attacked by way of cellular malware

Nation*%**
1Iran20.14
2Saudi Arabia17.84
3China17.07
4Algeria16.73
5India15.33
6Malaysia13.63
7Ecuador11.52
8Brazil11.15
9Bangladesh10.81
10Nigeria10.81

* Excluded from the scores are world places with somewhat few customers of Kaspersky cellular coverage answers (underneath 10,000).
** Share of distinctive customers attacked as a proportion of all customers of Kaspersky cellular coverage answers throughout the nation.

In Q3 2021, the inflamed strategies proportion ranking is led by way of the equivalent world places as in Q2; the preferred threats within the ones world places are likewise the equivalent. First position went to Iran (20.14%), its prevailing risk represented by way of nerve-racking spyware and adware and spyware and adware and spyware and adware and spyware and adware modules of the households AdWare.AndroidOS.Notifyer and AdWare.AndroidOS.Fyben.

In Saudi Arabia, which have been given proper right here 2d with 17.84%, AdWare.AndroidOS.HiddenAd and AdWare.AndroidOS.FakeAdBlocker spyware and adware and spyware and adware and spyware and adware and spyware and adware have been the commonest factor.

China (17.07%) got proper right here 3rd with Trojan.AndroidOS.Najin.a as its most in most cases unfold Trojan.

Cellular banking Trojans

We detected 12,097 cellular banking Trojan installers in every single place the reporting length — 12,507 so much a lot much less from Q2 and 22,813 so much a lot much less three hundred and sixty five days on three hundred and sixty five days.

The biggest people to those figures have been the households Trojan-Banker.AndroidOS.Agent (46.72% of all banking Trojans detected), Trojan-Banker.AndroidOS.Bian (16.18%) and Trojan-Banker.AndroidOS.Anubis (8.20%).

Collection of organize methods for cellular banking Trojans detected by way of Kaspersky, Q3 2020 – Q3 2021 (obtain)

Ten maximum now not abnormal cellular bankers

Verdict%*
1Trojan-Banker.AndroidOS.Anubis.t16.77
2Trojan-Banker.AndroidOS.Svpeng.q11.17
3Trojan-Banker.AndroidOS.Bian.f9.08
4Trojan-Banker.AndroidOS.Agent.eq6.83
5Trojan-Banker.AndroidOS.Asacub.ce6.22
6Trojan-Banker.AndroidOS.Agent.ep5.17
7Trojan-Banker.AndroidOS.Hqwar.t3.53
8Trojan-Banker.AndroidOS.Agent.cf3.05
9Trojan-Banker.AndroidOS.Bian.h2.83
10Trojan-Banker.AndroidOS.Svpeng.t2.81

* Distinctive customers attacked by way of this malware as a proportion of all Kaspersky cellular coverage resolution customers who encountered banking threats.

In Q3 2021, first position in our best possible conceivable cellular bankers ranking used to be as soon as taken by way of the Anubis circle of relatives’s Trojan-Banker.AndroidOS.Anubis.t (16.77%). In 2d (11.17%) and 10th (2.81%) are bankers of the Svpeng circle of relatives. Bian circle of relatives bankers are in 3rd (9.08%) and 9th (2.83%).

Geography of cellular banking threats, Q3 2021 (obtain)

Highest 10 world places by way of percentage of shoppers attacked by way of cellular banking Trojans

Nation*%**
1Spain1.02
2Austria0.44
3Croatia0.43
4Germany0.33
5Japan0.26
6Turkey0.22
7Portugal0.20
8Norway0.20
9China0.18
10Switzerland0.14

* Excluded from the scores are world places with somewhat few customers of Kaspersky cellular coverage answers (underneath 10,000).
** Distinctive customers attacked by way of cellular banking Trojans as a proportion of all Kaspersky cellular coverage resolution customers throughout the nation.

Spain has a very powerful percentage of distinctive customers attacked by way of cellular monetary threats in Q3 2021 (1.02%). The prevalent banker detected on this nation is Trojan-Banker.AndroidOS.Bian.h (33.55% of all banking Trojans detected). Austria (0.44%) is 2d with another Bian circle of relatives advertising marketing consultant — Trojan-Banker.AndroidOS.Bian.f (96.02%) — main by way of a mile. Croatia (0.43%) is 3rd with Bian.f (97.59%) as its most in most cases unfold banker.

Cellular ransomware Trojans

In Q3 2021, we detected 6,157 organize methods for cellular ransomware Trojans — an increase of two,534 from the former quarter and 635 greater than in Q3 2020.

Collection of cellular ransomware installers detected by way of Kaspersky, Q3 2020 — Q3 2021 (obtain)

Highest 10 maximum now not abnormal cellular ransomware

Verdict%*
1Trojan-Ransom.AndroidOS.Pigetrl.a51.00
2Trojan-Ransom.AndroidOS.Rkor.ax10.43
3Trojan-Ransom.AndroidOS.Rkor.bb8.58
4Trojan-Ransom.AndroidOS.Rkor.az5.31
5Trojan-Ransom.AndroidOS.Rkor.bc4.64
6Trojan-Ransom.AndroidOS.Rkor.ay4.49
7Trojan-Ransom.AndroidOS.Small.as3.92
8Trojan-Ransom.AndroidOS.Rkor.ba2.30
9Trojan-Ransom.AndroidOS.Rkor.au1.72
10Trojan-Ransom.AndroidOS.Rkor.aw1.41

* Distinctive customers attacked by way of the malware as a proportion of all Kaspersky cellular coverage resolution customers attacked by way of ransomware Trojans.

Similar as in Q2, this time the ransomware Trojans ranking is led by way of Trojan-Ransom.AndroidOS.Pigetrl.a — 51% of all attacked customers. Maximum of its assaults (92%) have been bearing in mind customers from Russia.

Geography of cellular ransomware Trojans, Q3 2021 (obtain)

Highest 10 world places by way of percentage of shoppers attacked by way of cellular ransomware Trojans

Nation*%**
1Kazakhstan0.57
2Sweden0.22
3Kyrgyzstan0.21
4Morocco0.06
5China0.06
6Saudi Arabia0.05
7Uzbekistan0.04
8Algeria0.04
9Pakistan0.02
10Egypt0.02

* Excluded from the score are world places with somewhat few customers of Kaspersky cellular coverage answers (underneath 10,000).
** Distinctive customers attacked by way of ransomware Trojans as a proportion of all Kaspersky cellular coverage resolution customers throughout the nation.

Global puts main by way of collection of customers attacked by way of cellular ransomware Trojans are the equivalent as in Q2: Kazakhstan (0.57%), Sweden (0.22%) and Kyrgyzstan (0.21%). In all 3 the Trojan-Ransom.AndroidOS.Rkor circle of relatives Trojans have been the commonest risk.




Leave a Reply

Your email address will not be published.

Donate Us

X