A recent discovery by the Zscaler ThreatLabz research team revealed that more than 200 apps on the Google Play Store, downloaded nearly eight million times, were found to be malicious.
According to the report, Nigeria is one of the top 10 countries in the world targeted by these mobile malware attackers.
Other top targets include India, the US, Canada, South Africa, The Netherlands, Mexico, Brazil, Singapore, and the Philippines.
The report noted that as mobile devices have become the primary tool for online activity, with 96.5% of internet users accessing the web through their phones, cyber threats on mobile platforms have surged.
The Zscaler report, based on 20 million blocked malicious transactions, indicates a 29% rise in banking malware attacks over the past year, while mobile spyware incidents spiked by a staggering 111%.
Why attacks are increasing
The report attributed this sharp increase to the profitability of cyberattacks, with many cybercriminals now capable of bypassing multi-factor authentication (MFA).
- They often exploit phishing techniques, such as fake login pages for financial institutions, social media platforms, and cryptocurrency wallets, it said.
- The report pointed out that QR codes are another attack vector frequently used by cybercriminals. The notorious Android banking malware, Anatsa, is said to have used QR codes to target banking apps from over 650 financial institutions worldwide.
- Additionally, attackers have been known to distribute Android remote access trojans via fake Skype, Zoom, and Google Meet websites, where users unknowingly download harmful APK files.
“Even apps from official stores like the Google Play Store have been compromised. Over 200 malicious apps, which collectively received nearly eight million downloads, were uploaded to the platform. Google confirmed that these apps have been removed following their identification,” the report stated.
Top mobile malware apps
Among the apps, the report indicated that the most prevalent malware family was Joker, which accounted for 38% of the identified apps.
- Joker is a type of Wireless Application Protocol (WAP) fraud that silently subscribes users to premium services without their knowledge, leading to unexpected charges.
- Other threats include adware, which made up 35% of observed threats, and “Facestealers,” malware designed to exfiltrate Facebook credentials, comprising 14% of malicious apps.
- According to ThreatLabz, cybercriminals often disguise malicious apps as useful tools like PDF readers, QR code readers, file managers, and translators.
- These decoy applications act as loaders to deploy more harmful malware like Anatsa, also known as TeaBot. Many of these apps are carefully crafted to appear legitimate, fooling users into downloading second-stage payloads that further compromise their devices.
“Trojans continue to dominate the Android threat landscape, accounting for 43% of all malicious payloads. Banking malware, in particular, heavily relies on trojans, with Zscaler blocking 3.6 million threats associated with these types of attacks,” it added.
Android malware activity reduced
However, the researchers also noted a recent decline in Android malware activity. By May 2024, the number of blocked malicious transactions had dropped to one-third of the figures recorded in June 2023.
Despite this, Zscaler still recorded an average of 1.7 million Android malware blocks per month over the past year, based on the analysis of more than 20 million threat-related mobile transactions.
