A recent investigation by Zscaler’s ThreatLabz research team has uncovered over 200 malicious apps on the Google Play Store, collectively downloaded nearly eight million times.
These apps, which have since been removed by Google, posed significant risks to users worldwide. Nigeria ranked among the top 10 countries targeted by these mobile malware attacks, alongside India, the US, Canada, South Africa, the Netherlands, Mexico, Brazil, Singapore, and the Philippines.
The report highlights the growing vulnerability of mobile devices as they now serve as the primary tool for online activity, with 96.5 per cent of global internet users accessing the web through their phones.
The Zscaler study, which analysed 20 million blocked malicious transactions, revealed a 29 per cent increase in banking malware over the past year, while incidents of mobile spyware surged by an alarming 111 per cent. The report attributes this spike to the profitability of cyberattacks, with criminals often bypassing multi-factor authentication (MFA) using phishing techniques, such as fake login pages for financial institutions and social media platforms.
The report also highlighted that QR codes have become a popular tool for cybercriminals. Anatsa, a notorious Android banking malware, was found to have used QR codes to compromise banking apps from over 650 financial institutions worldwide. Other attack methods included distributing Android remote access trojans via fake websites for platforms like Skype, Zoom, and Google Meet, leading to unsuspecting users downloading harmful APK files.
Among the malicious apps identified, Joker malware was the most prevalent, accounting for 38 per cent of the total. Joker conducts Wireless Application Protocol (WAP) fraud, silently subscribing users to premium services without their consent. Other threats included adware, making up 35 per cent of the observed malware, and “Facestealers,” which exfiltrate Facebook credentials, comprising 14 per cent. The report also emphasised that cybercriminals frequently disguise malware as legitimate apps, including PDF readers, QR code scanners, file managers, and translators. These decoy apps serve as loaders, delivering second-stage malware like Anatsa (TeaBot), further compromising users’ devices.
“Trojans continue to dominate the Android malware landscape, responsible for 43 per cent of all malicious payloads,” the report noted. Banking malware in particular relies heavily on trojans, with Zscaler blocking 3.6 million threats linked to this type of attack.
Despite a noticeable decline in Android malware activity by May 2024, with the number of blocked transactions dropping to one-third of June 2023 levels, Zscaler still recorded an average of 1.7 million Android malware blocks per month over the past year.