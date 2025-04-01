Uptick in mobile banking malware

In 2024, as digital financial transactions continued to expand worldwide, cybercriminals shifted their focus toward mobile devices and crypto assets.

According to Kaspersky’s new Financial Cyberthreats report, the number of users encountering mobile banking Trojans rose by 3,6-times compared to 2023, while crypto‑related phishing detections climbed by 83,4%.

Meanwhile, PC‑focused malware saw a decline in traditional banking attacks but a surge in crypto‑asset theft.

This data comes from Kaspersky’s new Financial Cyberthreats report for 2024.

Financial phishing

In 2024, online fraudsters continued to lure users to phishing and scam pages that mimicked the websites of popular brands and financial organisations. Banks were the most popular lure in 2024, accounting for 42,6% of financial phishing attempts (compared to 38,5% in 2023).

Amazon Online Shopping was mimicked by 33,2% of all phishing and scam pages targeting online store users in 2024, making it the most popular online brand target for fraudsters. Apple’s share of attacks dropped nearly 3 percentage points (pp) on last year’s figure to 15,7%, while Netflix scams grew slightly to 16%. Meanwhile, fraudsters’ interest in the Alibaba marketplace increased, its share going up from 3,2% in 2023 to 8% in 2024.

Payment systems were mimicked in 19,3% of financial phishing attacks detected and blocked by Kaspersky products in 2024 (19,9% in 2023).

Once again PayPal was the most targeted brand, however, the ratio of attacks related to it fell from 54,7% to 37,5%. Attacks targeting Mastercard, on the contrary, nearly doubled from 16,6% in 2023 to 30,5% in 2024. American Express and Cielo are the new entrants into the top five replacing Visa, Interac and PayPay.

In 2024, the number of phishing and scam attacks related to cryptocurrencies saw a whopping increase. Kaspersky anti-phishing technologies prevented 10 706 340 attempts to follow a cryptocurrency-themed phishing link, an 83,4% increase over the 2023 figure of 5 838 499. As cryptocurrency popularity continues to grow, the number of attacks is only ever going to get larger.

Financial malware for PCs

While the number of users who encountered mobile banking malware increased, the share of those who were affected by financial PC malware decreased from 312 453 in 2023 to 199 204 in 2024.

Currently, most financial PC malware that Kaspersky detects is targeting not online banking, but crypto assets.

The banking Trojans that were most often detected in 2024 included ClipBanker (62,9%), Grandoreiro (17,1%), CliptoShuffler (9,5%) and BitStealer (1,3%). Grandoreiro is a full-fledged banking Trojan that targeted 1 700 banks and 276 crypto wallets in 45 countries and territories around the globe in 2024.

Mobile financial threats

In 2024, the number of users who encountered mobile banking Trojans grew 3,6-times compared to 2023: from 69 200 to 247 949, with malicious activity significantly increasing in the second half of 2024.

The most active Trojan-banker family in 2024 was Mamont (36,7%). Its distribution schemes ranged from simple scams to complex social engineering plots with fake stores and delivery tracking apps.

“In 2024, financial phishing and scams increased in numbers and reached a new level of sophistication, unleashing waves of attacks on users. Fraudsters are increasingly leveraging fake brands and services to get user data, and the popularity of smartphones for financial transactions only fuels their appetite.

Looking ahead, kaspersky expects financial phishing to become even more personalised and targeted, focusing on exploiting vulnerabilities in everyday digital habits, which will demand increased vigilance and thorough approaches to protection,” comments Olga Svistunova, senior web content analyst at Kaspersky.