Islamabad: In 2024, as digital financial transactions continued to expand worldwide, cybercriminals shifted their focus toward mobile devices and crypto assets. According to Kaspersky’s new Financial Cyberthreats report, the number of users encountering mobile banking Trojans rose by 3.6 times compared to 2023, while crypto‑related phishing detections climbed by 83.4%. Kaspersky antiphishing technologies prevented 10,706,340 attempts to follow a cryptocurrency-themed phishing link, an 83.4% increase over the 2023 figure of 5,838,499. As cryptocurrency popularity continues to grow, the number of attacks is only ever going to get larger.
Meanwhile, PC‑focused malware saw a decline in traditional banking attacks but a surge in crypto‑asset theft. This data comes from Kaspersky’s new Financial Cyberthreats report for 2024.
In 2024, online fraudsters continued to lure users to phishing and scam pages that mimicked the websites of popular brands and financial organizations. Banks were the most popular lure in 2024, accounting for 42.6% of financial phishing attempts (compared to 38.5% in 2023). Amazon Online Shopping was mimicked by 33.2% of all phishing and scam pages targeting online store users in 2024, making it the most popular online brand target for fraudsters. Apple’s share of attacks dropped nearly 3 p.p. on last year’s figure to 15.7%, while Netflix scams grew slightly to 16%. Meanwhile, fraudsters’ interest in the Alibaba marketplace increased, its share going up from 3.2% in 2023 to 8% in 2024.
Payment systems were mimicked in 19.3% of financial phishing attacks detected and blocked by Kaspersky products in 2024 (19.9% in 2023). Once again PayPal was the most targeted brand, however, the ratio of attacks related to it fell from 54.7% to 37.5%. Attacks targeting Mastercard, on the contrary, nearly doubled from 16.6% in 2023 to 30.5% in 2024.
While the number of users who encountered mobile banking malware increased, the share of those who were affected by financial PC malware decreased from 312,453 in 2023 to 199,204 in 2024. Currently most financial PC malware that Kaspersky detects is targeting not online banking, but crypto assets. The banking Trojans that were most often detected in 2024 included ClipBanker (62.9%), Grandoreiro (17.1%), CliptoShuffler (9.5%) and BitStealer (1.3%). Grandoreiro is a full-fledged banking Trojan that targeted 1,700 banks and 276 crypto wallets in 45 countries and territories around the globe in 2024.
In 2024, the number of users who encountered mobile banking Trojans grew 3.6 times compared to 2023: from 69,200 to 247,949, with malicious activity significantly increasing in the second half of 2024. The most active Trojan-Banker family in 2024 was Mamont (36.7%).
“In 2024, financial phishing and scams increased in numbers and reached a new level of sophistication, unleashing waves of attacks on users. Fraudsters are increasingly leveraging fake brands and services to get user data, and the popularity of smartphones for financial transactions only fuels their appetite. Looking ahead, we expect financial phishing to become even more personalized and targeted, focusing on exploiting vulnerabilities in everyday digital habits, which will demand increased vigilance and thorough approaches to protection,” comments Olga Svistunova, senior web content analyst at Kaspersky.
Kaspersky recommends users should not follow links from suspicious messages, need to double-check web pages before entering credentials or banking card details. Turn on multifactor authentication, and set strong unique passwords. Use reliable security solution, such as Kaspersky Premium, capable of detecting and stopping both malware and phishing attacks.
Businesses should update their software in a timely manner, paying particular attention to security patches. Improve employees’ security awareness on a regular basis and encourage safe practices, such as proper account protection. Implement robust monitoring and cybersecurity solutions, for example from Kaspersky Next product line. Implement strict security policies for users with access to financial assets, such as default deny policies and network segmentation. Use threat intelligence services from trusted sources to stay aware of the latest threats and cybercrime trends.
For more information, please go to Securelist.