Iran Takes First Place For Mobile Malware Infections In Q1 2020

During the first quarter of 2020, there was a significant increase in mobile malware threats, aided by the global spread of the COVID-19 disease. Many malicious programs were rebranded as coronavirus tracking applications and started to spread as fast as the news of the outbreak.

Almost half (49.9%) of the mobile malware threats that were detected were adware apps, a 19% increased compared to Q1 of 2019. According to a report by Kaspersky, Iran was the leader in mobile infections during Q1 of 2020, with 39.56% of detections. The most commonly detected apps included versions of Ewind and HiddenAd, as well as the FakeAdBlocker family.

The COVID-19 fears provided plenty of social engineering opportunities for malware creators and distributors, who took advantage of people's fears and distribute bogus apps such as the Coronavirus Finder. The Coronavirus Finder app was allegedly able to detect nearby people infected with COVID-19 but was actually a modified sample of the Ginp banking trojan. The hackers even sold it for €0.75.

After people bought and installed the Coronavirus Finder app, the trojan was able to access data on their mobile devices such as their bank card details and intercept text messages that might contain two-factor authentication codes.

And while Iran suffered from most mobile malware infections in the first quarter of 2020, most detections were from the Notifyer adware family, and Telegram clone apps. Algeria took second place for mobile infections with 21.44%, mostly targeted by the FakeAdBlocker and HiddenAd families. Bangladesh rounded the top three with 18.58% of detections, mainly from the HiddenAd adware family.

With the increase in online shopping and mobile payments during the COVID-19 pandemic, the spread of banking trojans was imminent. Security researchers from Kaspersky have reported that banking trojan detections have gone up 40% compared to the same period last year, increased a whopping 180% compared to Q4 of 2019, and are likely going to continue to rise.

While being able to do all sorts of payments through your phone can be handy, security experts advise that the least you can do is download your apps from legitimate sources like Google's Play Store and Apple's App Store. If we are to take a look at the most recent campaign pushing the PhantomLance spyware, however, we can see that this isn't always enough to protect yourself from malware.