Tinker Tailor Soldier Spy: two of the most actively evolving mobile threats jeopardise private data
February 2020 by Kaspersky
Mobile Advertising Trojans and stalkerware witnessed a solid rise in 2019, increasingly jeopardising the personal data of smartphone users. The first experienced a 2-digit growth in terms of the number of detected installation packages, while the second targeted mobile users at least twice as often as in 2018. These are among the major findings of the annual “Mobile Malware Evolution” report.
Amid growing concerns about digital privacy over the last few years – which has led to increased regulation as well – we often tend to forget the mobile aspects of the issue. However, in the hyper-connected world of today, users are always in touch and online, be it on mobile email applications, social networks, or various messengers. Mobile devices have turned into transportable containers of personal data. It is no surprise then that malicious hunters for private information have decided to exploit this. As Kaspersky statistics demonstrated, two of the most actively evolving mobile threats of 2019 have a lot to do with threats to privacy – namely mobile adware and stalkerware.
The former collects troves of private information to show users targeted banner ads. Apart from the usually annoying banners, there is another dimension to this type of attack– victim’s sensitive data may end up on third party servers without consent or knowledge. In the past year, 21% of all mobile threats observed by Kaspersky were related to Adware.
The latter consists of commercial spyware applications, usually installed on devices without users’ knowledge or consent; they stay hidden, operating in the background. These applications have access to significant amounts of personal data, such as device location, browser history, text messages, social media chats, photos and more. They not only share sensitive information with an abuser, but there is also room for a third-party hacker to gain access to stalkerware servers and collect all of this information for their own purposes. Stalkerware is of growing interest to malicious users. Kaspersky latest stats, calculated using the stalkerware detection criteria suggested by the Coalition Against Stalkerware, show that attacks on the personal data of mobile device users increased from 40,386 unique users attacked in 2018 to 67,500 in 2019. Moreover, there was a twofold increase in the number of the attacks during the second half of the year when compared to the first half. For example, there were 4483 users attacked in January 2019; in September 2019, this number rose to 9546, and, in December 2019, this number reached 11052 attacked users.
“In 2019, attacks by stalkerware, which aims to track the victim and collect private information about them, became much more frequent. What is even more important, the technical development of this type of attack does not lag behind its malicious counterparts. Given that, we would like to reiterate that digital privacy is just as much a person’s right as any other. And there are ways to keep personal data safe and secure. But to do so, it is very important to treat this issue with care,” comments Victor Chebyshev, security expert at Kaspersky.
To reduce the risk of infection and to stay protected, Kaspersky experts advise:
• Pay attention to the apps installed on your device and avoid downloading them from unknown sources
• Always keep your device updated
• Regularly run a system scan to check for possible infections
Kaspersky also recommends that users install a reliable security solution like Kaspersky Security Cloud on their device, which aims to protect users’ privacy and personal information from mobile threats. The service also checks whether your privacy has been compromised using the “Account Check” function.