Mobile Advertising Trojan Attacks Declined in 2017, Kaspersky Reports

Overall, Kaspersky Lab reported that the total number of mobile malware attacks grew in 2017, though multiple categories of mobile malware declined.

Mobile banking

Security firm Kaspersky Lab released its annual Mobile Malware Evolution report on March 7, revealing that there was a decline in the volume of multiple types of mobile malware threats in 2017, though the overall number of mobile malware attacks grew.

Kaspersky Lab mobile security products reported 42.7 million attempted mobile malware attacks in 2017, up from 40 million in 2016. However, a number of different types of mobile attacks declined in 2017, including mobile banking Trojans and mobile advertising Trojans.

The decline in mobile advertising Trojans is not surprising to Kaspersky Lab. "We were expecting it because of growth of share devices running newer Android versions," Roman Unuchek, senior malware analyst at Kaspersky Lab, told eWEEK. "These malware families are not related to non-mobile advertising malware."

Mobile advertising Trojans largely operated in 2016 by exploiting vulnerabilities in older versions of Google's Android mobile operating system in order to deliver malware. Kaspersky Lab reported that the number of devices running the Android 6.0 or newer operating system grew significantly in 2017 to 50 percent of Android devices, up from only 21 percent in 2016.

Mobile advertising malware should not be confused with adware, which is another category that declined, albeit marginally in 2017. Adware accounted for 13.23 percent of detections in fourth quarter of 2017, down from 13.24 percent in third quarter of 2017. Unuchek explained that mobile advertising Trojans are part of the Trojan, Backdoor and Trojan-Dropper malware categories, based on their malicious behavior. 

"Adware is mostly non-malicious but still aggressive and annoying advertising software," he said.

Banking Malware in Decline

Kaspersky Lab reported that it detected 94,368 installation packages for mobile banking Trojans in 2017, down from 128,886 in 2016.

Unuchek said that he was surprised by the decline in mobile banking Trojans in 2017, though there are several reasons he did point to for the decline. The Svpeng mobile banking Trojan was being distributed through the Google AdSense platform in 2016, and attackers were unable to do the same in 2016, he said. The Asacub mobile banking Trojan picked up in 2017, though it was not as successful as the Svpeng campaigns.

"We detected massive SMS spam distribution of the Asacub malware family, but it was a lot less than Svpeng in 2016," Unuchek said.


While banking and advertising mobile Trojan malware types were in decline in 2017, the same was not true for mobile ransomware. Kaspersky Lab reported that it discovered 544,107 mobile ransomware packages in 2017, which was double the figure reported for 2016.

Mobile ransomware is, however, still relatively uncommon for users to encounter. The top country impacted by mobile ransomware is the United States, where approximately 2 percent of Kaspersky Lab users came across the threat.    

Looking at 2018, Unuchek expects that there will be a growth in the volume of cryptocurrency miners, especially if cryptocurrency prices move higher. He also expects that if there are no new, easily exploitable Android vulnerabilities, then rooting malware will likely decline in 2018 as well, though he doesn't expect there will be any slowdown in attacker activities overall.

"Most likely, cyber-criminals won’t stop developing and spreading malware, but they will continue to look for new opportunities," he said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.