New research into malware affecting mobile devices has found that stalkerware and adware posed the biggest threat to users in 2019.
The annual "Mobile Malware Evolution" report, published yesterday by Kaspersky, shows a significant increase in the number of attacks on the personal data of mobile device users. From 40,386 unique users experiencing attacks in 2018, the figure rose to 67,500 in 2019.
Mobile advertising Trojans were a major threat, with the number of detected installation packages that use this type of malware nearly doubling over the course of the year from 440,098 to 764,265. However, researchers found that the rise in attacks was not caused by classic spyware or Trojans, but by a massive spike in the amount of “so-called stalkerware.”
Often promoted as parental surveillance tools, stalkerware apps are installed without the device owner’s consent to secretly stream the victim’s personal information. Devices kitted out with this eavesdropping app will send images, videos, correspondence, and geolocation data from the victim’s device to a command server.
Researchers observed a drop in the number of mobile malicious installation packages detected for a fourth year running. From their peak of 8,526,221 in 2016, the number of mobile threats decreased to 3,503,952 in 2019, which is only 542,225 more than the number of threats detected in 2015.
For the third consecutive year, mobile malware attacks were most prevalent in Iran, where 60.64% of users were affected. The countries with the second and third highest percentages of impacted users were Pakistan and Bangladesh, where 44.43% and 43.17% of users were affected, respectively.
While the number of mobile ransomware Trojans detected rose by 8,186 to 68,362 year on year, one threat that was on the decline was mobile banking Trojans.
"In 2019, we detected 69,777 installation packages for mobile banking Trojans, which is half last year’s figure," wrote researchers.
However, the banking Trojans that were detected were worryingly advanced.
Researchers wrote: "The year 2019 saw the appearance of several highly sophisticated mobile banking threats, in particular, malware that can interfere with the normal operation of banking apps. The danger they pose cannot be overstated, because they cause direct losses to the victim. It is highly likely that this trend will continue into 2020, and we will see more such high-tech banking Trojans."