Situation report 2024: Malware installed almost 8 million times in Google Play

IT researchers have investigated the mobile malware situation over the past 12 months. More than 200 counterfeit apps were lurking in Google Play.

Stylized graphic: shattered Google Play Store logo from which viruses emerge

(Image: Created with AI in Bing Designer by heise online / dmk)


The IT security company Zscaler has published its ThreatLabz analysis of mobile malware over the past 12 months. What stands out are the almost eight million installations of malware-infected apps. Zscaler discovered more than 200 of these apps in the Google Play Store.

The report can be downloaded from Zscaler by entering your e-mail address and name. The authors highlight some of the findings. For example, they identified a 29 percent increase in mobile banking malware and even a 111 percent increase in spyware over the last 12 months. Trojans accounted for almost half of the mobile attacks. The financial motivation can also be seen in the fact that the malware is often able to bypass multi-factor authentication and often launches phishing attempts, for example with fake log-in pages for different financial institutions.

According to the report, Zscaler detected more than 200 malicious apps in the Google Play Store during the observation period. Together, they amounted to almost eight million installations. As an example, the authors highlight the Anatsa malware, which is active in Asia and Europe and often disguises itself as a PDF or QR code reader app in order to distribute the malicious code. Anatsa attacks more than 650 financial institutions worldwide, reaching as far as Germany, Finland, Spain, Singapore and South Korea.

The sectors most frequently attacked with mobile malware are industry and education, followed by production. The global distribution is somewhat surprising: India is by far the country most frequently attacked with mobile malware, followed by the USA and then Canada. Only in fourth place is a European country, the Netherlands. Germany does not appear in the top ten according to the Zscaler measurement.

The ten countries most frequently attacked by mobile malware: India most affected, in Europe only the Netherlands.

(Image: Zscaler)

The increase in banking malware and spyware contrasts with a general decrease in Android threats, Zscaler explains. The number of malware blocks carried out monthly by Zscaler systems fell from more than three million in June 2023 to well under one million in May 2024. Nevertheless, the threat remains high, as evidenced by the rise in banking malware and spyware.

The Zscaler report also addresses IoT (Internet of Things) malware. According to the report, malware attacks on IoT devices have increased by 45 percent. Systems in the USA are attacked the most. The lion's share of attacks target productive businesses. The vulnerabilities most frequently encountered are of the command injection type. Although operational technology (OT) systems are usually air-gapped from the Internet, more than 50 percent of devices rely on outdated operating systems whose product lifecycle has ended. These typically have known vulnerabilities.

Zscaler had already published an analysis of the Anatsa malware at the end of May. It was hidden in more than 90 apps on Google Play with more than 5.5 million downloads.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.