Kaspersky observed a downward trend in the number of attacks on mobile users in 2021. However, there is no reason to celebrate as the attacks are becoming more sophisticated in terms of both malware functionality and vectors. Monitoring from the global cybersecurity company also shows cybercriminals have shifted their focus to banking and gaming.
Malaysia was ranked 10th in the top 10 countries in the world with 27.36% share of users targeted by mobile malware in 2019. The number dropped to 19.68% in 2020, and further reduced to 12.43% in 2021. Kaspersky’s annual analysis of mobile threats demonstrated a positive trend, where the number of attacks on mobile users worldwide has been declining but experts believe it is too early to relax.
“Let’s talk about the good news. There have been fewer mobile attacks in 2021. Now the bad news, where the attacks are becoming more complex and harder to spot. The malicious apps are masked under the guise of legitimate apps, that can be downloaded from the official app stores. Deleting apps from official stores does not always lead to victory over the malware, as we see the developers upload new modified versions to the store, under different names and different developer accounts. So, it is quite hard to notice, but our team will continue to monitor and report these malicious apps,” says Yeo Siang Tiong, General Manager of Southeast Asia at Kaspersky.
Android maintains its position as the leading mobile operating system worldwide, thus it will remain as the target of the cybercriminals dur to the high number of users. Cybercriminals often go after a larger pool of victims.
“Our money and essential data are currently in our mobile devices, so it is important for every Android devices to install reliable security app to guard their privacy, identity and be protected from common malware and advanced hacking tricks,” adds Yeo.
Central Bank of Malaysia announced that Malaysia saw 1.87 billion electronic money transactions worth RM45.2 billion from January to November 2021. There were also victims reported to have lost their monies in the e-money.
Kaspersky experts see cybercriminals would focus on doing advanced scam and social engineering attempts, using non-technology focused attacks, and exploiting human vulnerabilities on mobile users in Southeast Asia.
“Our experts also expect an even more significant wave of attacks on cryptocurrency businesses and even against the rising non-fungible token (NFT), as Malaysia in particular is leading in terms of NFT ownership, at 23.9% across the region. So please remain vigilant,” elaborates Yeo.
Kaspersky experts has the following advices for mobile users to protect their data from mobile threats:-
- Download your apps from official stores only.
- Check the permissions of apps that you use and think carefully before permitting an app, especially when it comes to high-risk permissions such as accessibility services. The only permission that a flashlight app needs is the flashlight, which does not involve camera access.
- Install a reliable security app that helps you detect malicious apps and adware before they start behaving badly on your devices.
- iPhone users have some privacy controls provided by Apple, and users can block app access to photos, contacts and GPS features if they think these permissions are unnecessary.
- Update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.
On distinguishing between a real bank personnel or a banking Trojan, Kaspersky experts have the following advices:
- If one received a call or email from your bank that you weren’t expecting, treat it with suspicion and never disclose personal details in emails or unless you have called the bank yourself.
- Only access your bank account from a secure wireless network.
- Never post personal information that could reveal your banking details on social network sites.
- Check your account and credit card statements regularly for suspicious transactions. If you see something strange, report it to your bank immediately.
- Use common sense and be cautious. Do not click links that say they are from your bank. Double check if a message is genuine, and call your bank.
- Your mobile devices need robust security app to protect it against malicious programs and cyberattacks.
14 June 2022