Bank data theft attacks from smartphones tripled in 2024

The number of Trojan banker attacks on smartphones increased by 196% in 2024 compared to the previous year, according to Kaspersky's report "The mobile malware threat landscape in 2024", presented at Mobile World Congress 2025 in Barcelona. Cybercriminals are changing tactics, relying on mass distribution of malware aimed at stealing banking credentials. Last year, Kaspersky identified more than 33.3 million attacks on smartphone users worldwide, which included various types of malware and unwanted software.

The number of Trojan banker attacks on Android smartphones increased from 420,000 in 2023 to 1,242,000 in 2024. Trojan banker malware is designed to steal users' data for online banking, online payment services and credit card systems.

Cybercriminals lure their victims into downloading Trojan bankers by sending links via SMS or messaging apps, through malicious attachments, and by directing users to malicious websites. They may also send messages from a hacked contact's account, creating a sense of credibility. To deceive users, attackers often exploit news and popular trends, thus creating an impression of urgency and reducing victims' vigilance.

Although Trojan bankers are the fastest growing type of malware, they rank fourth overall in terms of the percentage of users affected, which stands at 6%. AdWare remains the most prevalent category, affecting 57% of users, followed by generic Trojans (25%) and RiskTools (12%). The ranking includes malware, adware and unwanted software.

In 2024, cybercriminals launched an average of 2.8 million malware, adware and malicious software attacks on mobile devices every month. During the year, Kaspersky products blocked a total of 33.3 million attacks.

In 2024, the Fakemoney group, a series of malicious fake investment and payment apps, was the most active threat. Another major concern was variant versions ofWhatsApp containing the Triada Trojan - a malware that can download and execute additional malicious or adware files to display ads or perform other unwanted actions. These unofficial WhatsApp mods were ranked third in activity, followed by a general category ofcloud-based threats.

To protect yourself from mobile threats, Kaspersky recommends:

• Downloading apps from official stores such as the Apple App Store and Google Play does not always ensure the absence of risks. Kaspersky recently discovered SparkCat, the first malware that steals screenshots, thus managing to bypass App Store security. The malware was also found on Google Play, with a total of 20 infected apps on both platforms, proving that these online stores are not 100% impenetrable. To stay safe, always check app reviews and download counts when possible, only use links from official websites, and use reliable security software like Kaspersky Premium, which can detect and block malicious actions if an app is found to be malicious.
• Check the permissions of the apps you use and think carefully about the permissions you grant to an app, especially when it comes to high-risk permissions such as Accessibility Services. For example, the only permission a flashlight app needs is the lens (which doesn't even require access to the camera).
• A good tip is to update your operating system and important applications as soon as updates become available. Many security issues can be solved by installing software updates.