Malware authors continued to successfully leverage the COVID-19 pandemic last year to launch a wide variety of attacks, according to the 2020 Avira Report on Cybersecurity.
The cybersecurity firm detected that cyber-attacks went up by 15% last year compared to 2019, observing that the rate of scams rose and fell at the same rate and time as the virus appeared across the world. The peak rate of blocked attempts was in April, during the first wave of the pandemic.
As COVID-19 cases rose again in the final quarter of 2020, malware attacks correspondingly went up rapidly, with a correlation found between the number of attacks launched and the number of people working from home.
One major tactic utilized has been the development of special variants of well-known malware families that use COVID-19 lures to entice unsuspecting users to install them on their devices. An example highlighted in the study was a variant of the Android banking Trojan ‘Cereberus,’ which in many cases was distributed via phishing messages under the name ‘Corona-App.apk.’ The total number of Andorid banking Trojans detected in 2020 went up by 35% year-on-year, which the authors partially attributed to increasing use of mobile banking during the pandemic.
Looking ahead to the coming year, Avira said it expects stalkerware to become increasingly prevalent. This form of spyware, which can be installed without the knowledge or consent of the device owner, secretly monitors users and spies on personal information such as pictures, videos, messages and location data. A stealth mode enables the app to hide itself while in use.
Alexander Vukcevic, director of Avira Protection Labs, commented: “For many years, authors of malware have been using psychological tricks to lure unsuspecting users. Currently, we are in a situation where many people are looking for answers and are worried because of COVID-19. The authors of malware are specifically exploiting this uncertainty.”
He added: “Banking Trojans have always played an important role in the Android malware scene and this year they had an even bigger presence. In addition to the strategy of using COVID-19 as a cover, they also use the classic approach: they disguise themselves as a widely used app and ask for unusual permissions in order to obtain credit card data, for example.”