Cybercriminals shift focus to mobiles & cryptocurrencies

Cybercriminals have increasingly targeted mobile devices and cryptocurrency assets as digital financial transactions expand globally, according to a new report by Kaspersky.

The Financial Cyberthreats report highlighted a significant rise in mobile banking malware, which increased by 3.6 times in 2024 compared to the previous year. Additionally, detections of phishing activities related to cryptocurrency surged by 83.4%. While there was a decline in traditional banking attacks targeting PCs, there was a notable increase in malware targeting crypto assets.

Phishing attacks continued to be a preferred method for fraudsters, exploiting the resemblance of phishing pages to legitimate websites of well-known brands and financial institutions. Banks were the most frequently imitated, with 42.6% of phishing attempts targeting them in 2024, up from 38.5% the year before.

Notably, phishing schemes mimicking Amazon accounted for 33.2% of all phishing and scam pages aimed at online store users. Apple saw a decrease in attacks from 18.7% to 15.7%, while those targeting Netflix slightly increased to 16%. Fraud aimed at the Alibaba marketplace also grew, rising from 3.2% to 8% in 2024.

Payment system impersonations were found in 19.3% of financial phishing attacks detected and blocked by Kaspersky. While PayPal remained the most targeted, attacks on this platform decreased from 54.7% to 37.5%. Conversely, attacks on Mastercard nearly doubled, increasing from 16.6% to 30.5%. New entries into the top targeted payment systems included American Express and Cielo.

The number of cryptocurrency-related phishing attacks rose sharply, with Kaspersky's antiphishing technologies blocking over 10.7 million attempts in 2024, reflecting an 83.4% increase from 2023. This rise corresponds with the growing popularity of cryptocurrencies.

The landscape of financial malware affecting PCs has shifted, with fewer users being impacted by traditional banking malware, dropping from 312,453 in 2023 to 199,204 in 2024. Currently, most PC-targeted financial malware focuses on stealing crypto assets. The ClipBanker Trojan was most prevalent, detected in 62.9% of cases. The Grandoreiro Trojan attacked 1,700 banks and 276 crypto wallets worldwide.

Countries most affected by financial malware for PCs included Turkmenistan, Tajikistan, and Kazakhstan. Other affected nations were Switzerland, Kyrgyzstan, Mexico, Argentina, Paraguay, and Uruguay.

The report also drew attention to the increase in mobile financial threats. The number of affected users rose from 69,200 in 2023 to 247,949 in 2024. Mamont was the most active Trojan-Banker family, employing methods ranging from simple scams to complex schemes.

Türkiye was highlighted as the most targeted country by mobile banking malware. There was also increased malicious activity in Indonesia, India, Azerbaijan, Uzbekistan, and Malaysia.

"In 2024, financial phishing and scams increased in numbers and reached a new level of sophistication, unleashing waves of attacks on users. Fraudsters are increasingly leveraging fake brands and services to get user data, and the popularity of smartphones for financial transactions only fuels their appetite. Looking ahead, we expect financial phishing to become even more personalized and targeted, focusing on exploiting vulnerabilities in everyday digital habits, which will demand increased vigilance and thorough approaches to protection," comments Olga Svistunova, Senior Web Content Analyst at Kaspersky.

Kaspersky has offered recommendations for both individuals and businesses to shield against these threats. Users are advised to employ multifactor authentication, use strong and unique passwords, and verify web pages before entering sensitive information. Businesses are encouraged to keep their software updated, enhance employee security awareness, and implement robust cybersecurity measures.