The number of malicious installation packages grew three times over in 2016, up to over 8.5 million

Feb 28, 2017 15:03 GMT

Throughout 2016, Kaspersky Lab registered nearly 40 million attacks by malicious mobile software, protecting over 4 million unique users of Android-based devices. The number of malicious installation packages was three times larger than the previous year, amounting to over 8.5 million. 

According to Kaspersky Lab's Mobile Malware Evolution 2016 report, attacks by malicious mobile software were recorded in over 230 countries and territories, with Bangladesh taking the top spot. Data shows that over half of Kaspersky Lab's mobile users there were attacked by mobile malware.

The list continues with Iran, Nepal, China, and Indonesia, all with over 40% of users affected. Algeria, Nigeria, the Philippines, India and Uzbekistan follow.

The most widespread malware types

Based on the number of detected installation packages, RiskTool was the most widespread malware type in 2016. AdWare follows, while Trojan-SMS, Trojan-Dropper, and regular Trojan complete the top 5.

Kaspersky further detected nearly 129,000 malicious banking Trojans, as well as over 261,000 mobile ransomware Trojans.

"The year’s most prevalent trend was Trojans gaining super-user privileges. To get these privileges, they use a variety of vulnerabilities that are usually patched in the newer versions of Android," the report reads. In short, by gaining root privileges, these Trojans have almost unlimited possibilities. They can secretly install other advertising apps, display ads, install third-party software, and they can even buy apps on Google Play.

The company states that the modular trojan Backdoor.AndroidOS.Triada was one of the most widespread. It modified the Zygote process, which allowed it to remain in the system and alter texts sent by other apps, even making it possible to steal money from the owner of the device. Numerous apps carrying this class of malicious software were found in the Google Play app store. One app, for instance, called "Guide for Pokemon Go New", was detected as Trojan.AndroidOS.Ztorg.ad and was downloaded over half a million times.

Google Play continues to be the target of cybercriminals trying to pass their apps off as legitimate. In October and November alone, Kaspersky detected about 50 new apps infected by Adware.

"Google Play was used to spread Trojans capable of stealing login credentials. One of them was Trojan-Spy.AndroidOS.Instealy.a which stole logins and passwords for Instagram accounts. Another was Trojan-PSW.AndroidOS.MyVk.a: it was repeatedly published in Google Play and targeted user data from the social networking site VKontakte," Kaspersky writes.

Ransomware, the new trend

One of the major threats against Android users was ransomware. Mobile ransomware has been spreading like wildfire. While the original ransomware tools used against mobile users encrypted user data and demanded money to decrypt it, ransomware nowadays takes things a step further and makes it impossible to use the device.

Ransom.AndroidOS.Fusob was the most popular mobile ransom program in 2016, mostly attacking users in Germany, the United States, and the United Kingdom. Attackers usually demand somewhere between $100 and $200 to unlock a device, mostly paid either via codes from pre-paid iTunes cards or via Bitcoin.