Avast’s mobile threat researchers have also discovered an increase in fake apps and banking trojans.
Avast, a global leader in digital security and privacy, has reported that in 2021, adware continues to be the most significant threat on Android phones and tablets, with 45% of mobile threats being adware in the first five months of the year. Fake apps came in second at 16%, and banking Trojans third at 10%. Other types of malware include downloaders, spyware, and lockers/mobile ransomware.
Adware displays intrusive ads and lures users into downloading the adware by posing as legitimate apps. A recent example of adware spreading widely is the HiddenAds family, last reported by Avast in October. Avast has seen two major types of adware: the ‘traditional’ type, which are gaming, photo and other lifestyle applications that look appealing, to lure users into downloading them, and then they are spammed with ads in and outside of the app. The other common type is called ad fraud. This adware starts malicious activities in the background once downloaded and shows out-of-context ads, ads in notifications or uses other aggressive advertising techniques. Sometimes, adware also serves ads with malicious content, which is why protection against adware is so important. In case of ad fraud, an encrypted file may be downloaded automatically along with the app, which then triggers clicks on ads without the users knowing or subscribes them to premium services.
Fake apps and banking Trojans impairing people’s mobile experience
The second most widely spread mobile threat, fake apps, are apps that pose as something they are not, sometimes as legitimate apps, such as a trustworthy Covid-19 tracing app, or for example, an AdBlocker, which is an example Avast mobile threat researchers have been observing in the first months of 2021. Fake apps can contain functionality to spy on the user, to expose them to ads or other malicious activity.
Banking Trojans or “Bankers” operate in a stealth manner in order to gain the trust of users downloading the app and to steal their banking data. Banking Trojans disguise themselves as genuine apps to access the banking details of unsuspecting users and trick them into giving up their bank account details by posing as a legitimate banking application and mimicking the login screen or supplying a generic login screen with the respective bank’s logo.
“Nowadays, especially since the pandemic hit, our smartphones and devices are our daily companions, and it can be a true annoyance or even severe security risk if a phone and the data on it is exposed to mobile malware,” said Ondrej David, Mobile Threat Analyst at Avast. “Mobile malware, and adware in particular, often comes in the form of a gaming or entertainment app that seems harmless, but what users are unaware of is that their device is doing malicious activities in the background.”
How to prevent mobile malware:
- Only download apps from official app stores, like Google Play, as they have security measures in place to check apps before developers upload them, or directly from the app’s official website for extra insurance.
- Check app ratings as adware apps have many 5-star- and 1-star reviews. The reviews often cite low functionality and/or excessive ads or are overly enthusiastic and positive.
- Carefully review the permissions an app requests before downloading an app; if an app requests access to data that it doesn’t need to function, consider this a warning sign.
- Use a strong antivirus solution on your phone to identify and stop any attempted attacks.