Historically High Q2 for Mobile Banking Trojans

Mobile banking Trojans ranked as a top security nuisance in the second quarter of 2018, a quarter that also saw threats from a new cyber-espionage group, “Operation Parliament,” which is reportedly targeting high-profile companies in the Middle East and North Africa, especially Palestine, according to researchers at Kaspersky Lab.

Kaspersky Lab has published its Q2 IT Threat Evolution Report, and mobile banking Trojans topped the list of cyber headaches in Q2 2018, reaching an all-time high of more than 61,000 installation packages for mobile banking. Those numbers represent more than a threefold growth over Q1 2018. Out of all malware, US users were most often attacked with mobile banking malware in Q2.

By imitating other attack groups, Operation Parliament has remained somewhat under the radar, taking care to verify victim devices prior to infecting them. “The attacks, which started early in 2017, target parliaments, senates, top state offices and officials, political science scholars, military and intelligence agencies, ministries, media outlets, research centers, election commissions, Olympic organizations, large trading companies and others,” Kaspersky Lab researchers wrote in today’s post.

Another operation, ZooPark, has also targeted the Middle East with several variations of malware specifically aimed at Android devices using two distribution vectors: Telegram channels and watering holes. In the latest version, researchers noted more complex spyware, suggesting that it may have been purchased from a surveillance tools vendor.

The report also noted the continued use of VPNFilter, malware used to infect different brands of routers, in addition to an ongoing campaign in Central Asia attributed to Chinese-speaking threat actor LuckyMouse. Additionally, the continued tracking of Olympic Destroyer revealed that it has started a new campaign.

“Our telemetry, and the characteristics of the spear-phishing documents we have analyzed, indicate that the attackers behind Olympic Destroyer are now targeting financial and biotechnology-related organizations based in Europe – specifically, Russia, the Netherlands, Germany, Switzerland and Ukraine,” researchers wrote.
