Global rise in Android banking and payment malware

Mobile banking and mobile payment malware – malicious software that can extort money from users by hijacking personal information and spoofing bank sites or apps to trick victims into sharing personal data – rose in the month of June.

The number of infected mobile devices worldwide, as well as the number of malware variants targeting the Android platform, increased in June at a high speed, according to Cheetah Mobile.

  • Between May 16 to June 15, the number of daily Android users infected by mobile payment malware increased from over 11,000 users to nearly 17,000 users.
  • Throughout the month of June, more than 100 countries have been infected by mobile payment malware. Vietnam (61,366 infected users), Russia (20,476 infected users), and Taiwan (19,667 infected users) are among the worst infected countries.
  • In the United States, researchers saw an increase in infection rates as well: 1311 infected users in March 2014 to 1854 in June 2014.

The four most prevalent threats tracked in June by Cheetah Mobile were:

  • Simplelocker, an evolved form of Cryptolocker, and the first malware found to be able to successfully encrypt data. Currently, there are 40 known variants of Simplelockers, with Russia (6330 infected users), United States (2520 infected users), and Ukraine (2280 infected users) among the most infected countries.
  • Android.Trojan.fubus and Android.Trojan.Fakeinst appeared on the scene in June. These Trojans for Android devices make stealth mobile payments, access the Android device manager, commit SMS fraud, steal mobile data, contact premium rate numbers, and download malware apps on the victim’s devices.
  • The “Express Delivery” malware targeted mainly Taiwan users, infecting around 20,000 users. Throughout June, this malware has split into 35 variants.
  • The “Korean BankKiller” malware, which is estimated to infect around 4,000 Korean Android users a day.

Don't miss