Cheetah: Mobile Banking, Payment Malware on the Rise

Last week, Cheetah Mobile released the results of its June Security Report, which found an overall increase in mobile banking and payment malware attacking Android users over the past month. According to Cheetah’s research, more than 100 countries fell victim to these attacks in June, with mobile users in Vietnam, Russia and Taiwan the most susceptible. Mobile users in Russia, Ukraine and the United States were also most likely to be hit by ransomware such as Simplelocker.

In its report, Cheetah—which offers a suite of free anti-malware apps on the Google Play Store—outlined several different types of the most prevalent malware affecting mobile users, most notable mobile payment malware capable of stealing a user’s personal banking information. While the majority of these incidents occur in Eastern Europe and Asia, Cheetah said the number of reported incidents in the United States has increased significantly, with 1,854 cases in June compared to 1,714 cases in May. Typically, this flavor of malware spreads through a user’s contact list, so multiple devices can be affected quickly after the attack occurs.

Simplelocker is a variation of the maligned Cryptolocker program, which locks a user's phone and demands a ransom to unlock the device. In addition to being the only form of malware able to successfully encrypt files on a user’s device, the program’s extortion fee is real, unlike that of Cryptolocker's, according to Cheetah. There are currently 40 known versions of Simplelocker available, with the majority of them disguised as media players on popular mobile websites. An estimated 15,000 users are affected monthly.

Other types of malware, including Trojans, also are on the rise, particularly for Android users. More than 17,000 separate infections fitting the stubborn Trojan bill have been identified recently, according to the report, with users in Russia and Korea again making up the majority of those infected. Variations on these Trojans include “Express Delivery” messages asking users to click for more information as well as the “Korean BankKiller” Trojan, which pretends to be a popular game or tool that takes over a user’s bank account app.

The full report can be found here (and yes, the link is safe).