In 2023, around 3.6 billion Android users are estimated to be spread across 190 countries. No wonder Android devices are popular targets for cybercriminals. How has the number of Android attacks evolved in 2023? What types of Android threats are trending? Here’s a summary prepared in cooperation with Ondrej Kubovic, ESET Security Awareness Specialist.
ESET telemetry shows that, in 2022, the number of attacks on Android devices increased. “Whereas other types of attacks saw a dynamic increase at the beginning of 2022, followed by a slow drop, for Android threats, this isn’t the case. They’ve been rising steadily throughout the past year,” says Kubovic. How exactly did the numbers develop?
Attacks have been growing in various areas
Adware and hidden apps were the main types of Android malware targeting devices. “Malicious hidden apps usually change their icons and hide on the device. Typically, they then start to display unwanted ads or perform other actions in the background,” explains Kubovic.
Spyware has also been on the rise. “This type of malware is available on underground forums as a service, with even unskilled attackers buying it for just a few hundred or thousands of euros. Some of the code has quite broad capabilities, including recording calls, taking control of the camera, and stealing photos, emails, and contacts,” lists Kubovic.
Spyware usually aims to steal as much information and data as possible, while secretly spying on the user. For attackers, it’s a fairly simple way to earn money, since the stolen data can be later resold on the dark web to be used in other attacks, or to blackmail the victim.
Spyware-as-a-service increases the risk for companies, too
How does spyware affect companies? It can steal sensitive data, leak private conversations, obtain confidential contacts, and make this all public. “Sometimes, the attacker spies on communication between two parties without anyone noticing. Next, the cybercriminal may use the gathered information or names to contact the company from a fake email, pretending to be one of the affected parties,” elaborates Kubovic.
In that email, the attacker might ask for access to important systems, or for an urgent payment. As the perpetrator uses parts of the previous conversation, the victim may not suspect something is amiss.
Some off-the-shelf spyware provides less-skilled actors with a complete manual on how to build a campaign. “In Poland, we detected banking malware ERMAC 2.0 that included signs typical for spyware, impersonating Bolt Food. The only thing that could pique a victim’s attention was the URL. If the targeted users didn’t notice the difference, they would download harmful software that would steal access to their data for banking and crypto apps,” states Kubovic.
As described by ESET, the ERMAC 2.0 malware has been available for rent on underground forums for $5K/month since March 2022.
Smartphones are becoming popular targets
While cybercriminals mainly focused on desktop devices and software in the past, their focus is shifting as they now grasp that IT departments often struggle to monitor traffic and communication on company mobile devices.
“Smartphones tend to be underestimated, even though they may store crucial data, and are used to access key cloud repositories and business apps. IT admins often rely on the fact that the mobile environment is a bit safer due to compartmentalization and apps not having direct access to the activities of other apps on the device, but this isn’t enough,” adds Kubovic.
Nevertheless, digital thieves may still find ways into the device, just as in the cases of the above-mentioned threats. “Financial mobile apps have been targeted recently, including ones used for crypto. This is probably because Bitcoin and other cryptocurrencies are easier to launder, or don’t need to be laundered at all,” names Kubovic, as one of the attackers’ motivations. “Mobile phones are our new wallets, and cybercriminals know it.”
How to defend against Android threats
“Android devices can be protected with digital security software,” says Kubovic. Such software can monitor most threats effectively, including those built with leaked or resold source code. “A part of the code usually doesn’t change, which makes it possible for us to detect new variants of malware,” explains Kubovic.
Also, employees should be advised to download apps only from official marketplaces and avoid all unofficial or untrustworthy sources, such as forums, secondary markets, and YouTube links – Android mobile threats' most common distribution vectors. That will help ensure that cyberattacks are prevented, and your business is protected.