And why we should stay alert
The Philippines may be one of the world’s biggest mobile-using countries yet the number of mobile malware attacks have dropped sharply in the country since 2020.
Data from Kaspersky showed the detected attempts to attack Filipino mobile users plunged to 55,617 or 49% in 2020 compared to 110,128 in 2019. In 2021, malware attempts to target smartphone and tablet users fell to 34,010 or 38.84% compared to the previous year.
Among Southeast Asian countries, the pattern of declining mobile threat activity was observed not only in the Philippines but also in Indonesia, Malaysia, and Singapore.
According to Kaspersky experts, the downward trend does not mean mobile malware is disappearing soon. On the contrary, mobile users are cautioned to stay alert.
In Thailand and Vietnam, malware attacks against mobile users in 2021 were even higher than in 2019 at 32% and 8%, respectively.
Cybercriminals are only becoming increasingly inventive that attacks are getting sophisticated in terms of malware functionality and vectors. This time, malicious codes in the form of Trojans are being injected in third-party ad modules, loaded into legitimate programs in the guise of updates or added to harmless apps approved by app stores. Current targets are apps on Google Play and APKPure, a popular alternative Android app store.
Trojans are used by cybercriminals to delete, block, modify or copy data, and they disrupt the performance of devices or computer networks. Unlike viruses and worms, Trojans cannot self-replicate or make copies of themselves.
In 2021, the first ever mobile Trojan that specializes in stealing mobile gaming accounts was discovered by Kaspersky experts. Called the Gamethief malware, this Trojan targeted accounts in the mobile version of the PlayerUnknown’s Battlegrounds (PUBG) game.
In the Philippines, the top mobile malware detected are:
- Trojan
- Trojan-Downloader: downloads and installs new versions of malware including Trojans and AdWare on victim computers and automatically runs when the operating system boots up. Frequently used in the initial infection of visitors to websites which contain exploits (subset of malware that contain data or executable code that can take advantage of one or more vulnerabilities in the software running on a local or remote computer.)
- Trojan-Dropper: used by hackers to secretly install Trojan programs or viruses and to protect malicious programs from being detected by antivirus solutions as not all AVs can scan all components inside this type of Trojan.
- Trojan-SMS: used to send text messages from infected mobile devices to premium rate mobile numbers. (Example, the Android malware Faketoken sends mass SMS messages to expensive international numbers and disguises itself in the system as a standard SMS app.) This has been monitored in all SEA countries except Thailand.
- Trojan-Backdoor: one of the simplest but potentially most dangerous as it can load all sorts of malware onto your system. It’s often used to set up botnets so without your knowledge, your computer becomes part of a zombie network that is used for attacks. This has also been monitored in Singapore.
Even as mobile banking malware attacks are also observed to be dwindling, about 97,661 new mobile banking Trojans worldwide were detected by Kaspersky products and technologies in 2021.
Mobile banking malware in SEA
An interesting discovery shows how cybercriminals improved the stealing capabilities of their creations. Detected by Kaspersky last year, the Fakecalls banking Trojan would drop the call if the victim tries to contact their bank. The Trojan then replaces it with a pre-recorded response of a fake bank representative stored in the Trojan’s body. This would trick the victim into thinking that a bank employee answered the call.
Banking Trojans, when they have successfully infected a target computer, allow cybercriminals to steal money from victims’ online banking accounts and e-wallets, which is why they are considered one of the most dangerous types of malware.
A recent Kaspersky study revealed that 75% of Filipinos now prefer using smartphones for digital transactions.
In the same study, almost half of the respondents admitted encountering cyber threats while using mobile ewallets. But only 25% of those surveyed confirmed using security solutions.
“The future is definitely mobile here in Southeast Asia. At the surface, it may seem that cybercriminals are becoming less active because of the decreased mobile malware attacks. But, it is a global trend and it does not necessarily mean we are safer,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
“We have to note that as we embrace digital payment apps more, we unconsciously put more of our hard-earned money in our devices. Our devices usually remain vulnerable from simple malware attacks. There is a gap between awareness and action here in SEA so I urge digital payment providers and regulators to help us in encouraging users to protect their mobile devices, too,” add Yeo.
How to stay safe?
Cybercriminals are resourceful and take every opportunity to prey on mobile device users. So, regardless of their activity level, it pays to be alert.
- Download apps only from official sources. This is not a 100% security guarantee, but there are far less malicious programs in official stores. Even when malware slips through moderation, it usually gets removed from the store relatively quickly.
- Whenever possible, use apps from trusted developers with a good reputation to minimize the
- chances of encountering malware.
- Ignore apps that promise payouts you’ve never heard of or overly generous prizes. It’s almost bound to be a scam.
- Don’t give apps permissions they don’t need to work. Most malware will not be able to deploy fully without potentially dangerous permissions such as access to Accessibility, access to text messages and installation of unknown apps.
- Use a reliable mobile antivirus that will detect and block malware that tries to get inside your mobile device. In the Philippines, select Kaspersky products are currently being offered at special prices for a limited time only. Kaspersky Internet Security for Android, regularly priced at P399 per license, is now available for only P199.50 for the month ofJune. Windows, iOS, and Android users can now get Kaspersky Total Security at 20% off from June 1-30. Both products are exclusively available through https://www.kasperskyph.com.
Read Kaspersky’s full 2021 Threat Landscape report for Southeast Asia here https://kasperskysea.co/premium_report.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.