Kaspersky warns of more Trojan, ransomware attacks on smartphones

By Norman P. Aquino, Special Reports Editor

PHUKET, THAILAND — Kaspersky on Thursday warned of more cybersecurity attacks against Android and iOS devices, with the notorious Anubis Trojan now targeting smartphones using its banking Trojan with ransomware functionalities.

The global cybersecurity company detected 11.5 million malicious installation packages in the Asia-Pacific (APAC) region in the first half, more than three times the level for the whole of 2021, Suguru Ishimaru, Kaspersky’s senior malware researcher in the region, told a conference here.

“Anubis is known for compromising hundreds of bank customers per campaign, proving that it’s among the most active malware targeting Android users right now,” he said. “Our recent findings show that the cybercriminals behind this threat have started implementing ransom functionalities.”

Other malicious groups are expected to copy the same technique of stealing data and holding devices hostage, Mr. Ishimaru said. “I expect to see more of such attacks in APAC due to cybercriminals’ strong financial motivation.”

Mobile banking Trojans are one of the most dangerous species in the malware world, stealing money from mobile users’ bank accounts usually by disguising the Trojans as legitimate apps to lure people into installing the malware.

Mr. Ishimaru said there are 6.6 billion smartphone users globally. Anubis has targeted Android phone users since 2017, mostly in Russia, Turkey, India, China, Colombia, France, Germany, the US, Denmark and Vietnam.

In 2020, the Philippines had 79 million smartphone users and the number is expected to rise to 91.5 million by 2025. More and more Filipinos are using their phones to buy things online.

The Anubis malware continues to be one of the most common mobile bankers, according to Kaspersky’s latest mobile statistics for the second. During the period, one of 10 unique Kaspersky users globally who encountered a banking threat encountered the Anubis mobile banking Trojan.

Initial infections are done through legitimate-looking and high-ranking but malicious apps on Google Play, smishing (phishing messages sent through SMS) and Bian malware, another mobile banking Trojan, Kaspersky said in a separate statement.

Once in, the malware can do a complete device takeover — stealing personal information and identity, accessing private messages and login credentials, recording sound, requesting GPS, disabling Play Protect and locking the screen.

Another prolific threat actor targeting mobile banking users, globally and in the region, is Roaming Mantis. The group carries out malicious campaigns that target Android devices and spreads mobile malware initially via DNS hijacking and currently through smishing. 

While the cybercriminal group is known for targeting Android devices, Roaming Mantis’ recent campaign has shown interest in iOS users, Mr. Ishimaru said.

Smishing messages targeting iOS users contain a short description and a URL to a landing page. If a user clicks on the link and opens the page, he is redirected to a phishing page imitating the official Apple website.

If a victim enters his credentials on the site, he is then taken to the two-factor authentication phishing website. This allows the attacker to learn the user’s device, credentials, and authentication codes.

“With more than half (63%) of digital payments in APAC doing their financial transactions online through mobile devices, awareness is no longer enough,” the researcher said. “Protecting our smartphones is a step that everyone should be doing by now.”

Anubis and Roaming Mantis are present in the Philippines, though it has not been affected as much as its peers in the region, Mr. Ishimaru told BusinessWorld.

Kaspersky detected 7.2 billion malicious objects in the 12 months to July, 1.5 billion of which were in the Asia-Pacific region, Vitaly Kamluk, director of Global Research and Analysis Team, said at the same briefing.

Most countries in the region experienced a slowdown. In the Philippines, malicious objects fell to 76 million from 113 million, Mr. Kamluk said, attributing the fall to the tendency of cybercriminals to favor targeted attacks, which take more time to execute, over opportunistic attacks.

Meanwhile, the world received 267 million spam e-mails daily last year, or 84% of all e-mails, Noushin Shabab, another senior security researcher at Kaspersky, told journalists.

The cybersecurity company detected a monthly average of 10 million spam e-mails from January to July, 24% of which were in the Asia-Pacific region, she said.

Vietnam accounted for 17.9% of the region’s more than 17 million malicious e-mails from January to July at 3.09 million, Malaysia had 2.36 million or 13.6%, Japan had 1.86 million (10.8%), Indonesia had 1.8 million (10.4%) and Taiwan had 1.45 million (8.4%), Ms. Shabab said.

The Philippines accounted for only 2% of the region’s total or a little over 300,000 spam e-mails during the period. Almost all cybercriminals targeting the region used spearphishing — a type of attack that involves getting sensitive information or access to a computer system by sending counterfeit messages.

“A lower number or percent doesn’t mean that country is safe,” she told BusinessWorld. “The numbers are quite high — 2% of millions of attacks are still a lot.”

Ms. Shabab also cited the need to convince small businesses to allot a budget for cybersecurity because it would pay off in the long term. “Organizations should be given the understanding that investing in cyber-security is very important. You don’t need to spend all of your budget but you need to have a plan.”

She noted that a cyberattack doesn’t just lead to lost data. “It’s more than that. There’s also the reputation and the trust. It will take many years and a lot more steps and investments to gain back that reputation that you lost.”

Meanwhile, Kaspersky does not see the need to merge with any companies to boost its presence, Chris Connell, vice-president for Global Sales Network and managing director for the Asia-Pacific region, told reporters.

“Our technology is the best in the world,” he said. “We’re always looking for opportunities but we don’t believe we need to look at merging with anybody.”