Kids on the Web in 2020 – 10 minute mail

Technology is what is saving us from a complete change in the way of life in a world of a raging pandemic. It keeps the educational process going, relieves the shortage of human communication and helps us to live life as fully as possible given the isolation and social distancing. Many adults, and children too, have come to realize that the computer is not just a means of entertainment, but an important tool for education, communication and personal growth.

In this article, we look at changes that occurred in children’s behavior on the Web over the past year and the pandemic period. The report is based on statistics gathered by Kaspersky Safe Kids, a software solution that protects children from unwanted content on the Internet.

How we collect our statistics

Kaspersky Safe Kids scans the contents of a Web page the child is trying to access. If the site falls into one of fourteen undesirable categories, the module sends an alert to Kaspersky Security Network. No personal user information is transmitted, and privacy is not compromised.

We will note two important points:

  • It is up to the parent to decide which content to block by tweaking the protective solution’s preferences. But anonymous statistics are collected for all 14 categories.
  • Data is harvested only from computers running Windows and macOS; no mobile statistics are provided in this report.

Website categorization

Kaspersky Safe Kids filters Web content according to the following categories:

  • Internet communication
  • Adult content
  • Alcohol, tobacco, narcotics
  • Violence
  • Weapons, explosives, pyrotechnics
  • Profanity
  • Gambling, lotteries, sweepstakes
  • Computer games
  • E-tailers, banks, and payment systems
  • Software, audio, video
  • Anonymous access systems
  • Job search
  • Religion, religious associations
  • News media

In this article, we will take a closer look at the most-visited categories for the past year. We have combined the less popular ones into a separate category, with their share of alerts marked as “Other”.

Picture of the world

Kaspersky Safe Kids alerts distribution by category in June 2019 through May 2020

Children around the world have spent increasingly more time watching videos and listening to music. Software, Audio, Video accounted for nearly forty percent of all Safe Kids alerts over the past year. It was followed by Internet Communications with 24.16 percent and Video Games with 15.98 percent. Online stores were fourth in popularity with 11 percent and News was fifth with 5.54 percent.

Interestingly, Job Search sites with 0.89 percent attracted far more interest from teenagers than Adult Content with 0.74 percent.

Kaspersky Safe Kids Windows and macOS alerts distribution by category in June 2019 through May 2020

Windows users spent more time watching videos, gaming and reading news than macOS users. The latter preferred chatting and spent much more time shopping online. That said, Windows users viewed adult content more frequently on average during the year.

Kaspersky Safe Kids alerts distribution by category in June 2019 through May 2020

The pandemic forced kids to study at home, attending classes online, and we have seen how this affected their time at the computer. They visited gaming sites less frequently from the beginning of the year, even when compared with the September 2019 low of 16.75 percent: the figure fell to 13.26 percent in May. Meanwhile, Internet Communications showed slight growth in April, exceeding the October 2019 high by 0.85 p.p. to reach 27.51 percent.

Children visited online stores the most in October 2019. The category accounted for 16.93 percent of all alerts. The popularity of online shopping has steadily decreased since then, dropping by 7.57 p.p. to 9.3 percent by April, but May saw it rebound slightly. Adult Content grew somewhat (by about 0.5 p.p.) in winter, then returned to the summer 2019 levels (0.49 percent) in May.

The graph shows an abnormal drop in visits to Software, Audio, Video websites in October. The most likely cause is the new macOS version, Catalina, released on October 7. Users who installed the update faced issues with streaming video on YouTube, Netflix, Amazon Prime and many other sites. The issue affected not just the Safari browser, but Google Chrome, Opera and Firefox as well. It was fixed in November, a fact that the statistics reflect.

Kaspersky Safe Kids alerts distribution for Software, Audio, Video on macOS in June 2019 through May 2020

Differences across regions, countries and months

Let us take a closer look at the most popular categories by region and by country to see if children’s preferences changed during the pandemic.

Software, audio, video

Software, Audio, Video has remained ahead of Internet Communications in recent years: kids have used Windows and macOS computers for watching videos and listening to music, but switched to mobile devices to chat. The category has retained its popularity even through the lockdown and online studies.

Kaspersky Safe Kids alerts distribution for Software, Audio, Video on Windows and macOS in June 2019 through May 2020

According to KSN statistics for the first half of 2020, Software, Audio, Video began to grow worldwide, reaching a peak of 42.47 percent on all platforms by May.

Kaspersky Safe Kids alerts distribution for Software, Audio, Video on Windows and macOS in June 2019 through May 2020

We explained the decrease in the category’s share on macOS in the fall and winter by issues stemming from an operating system update. As for the decline among Windows users around the same time, it was offset by increasing interest in other categories of sites, for instance, E-Commerce.

By the end of the reporting period, the share of Software, Audio, Video had increased among Windows users, whereas children using macOS began watching videos less frequently by May.

Kids in South Asia (India, Bangladesh) were most likely to spend their time watching videos and listening to music (46.16 percent). The region was followed by Africa with 44.75 percent and the CIS with 43.83 percent.

Kaspersky Safe Kids alerts distribution for Software, Audio, Video by region in June 2019 through May 2020

The category had the lowest share in North America (36.20 percent) and Europe (35.94 percent). As we will see below, children in these regions gave preference not only to watching videos, but video games as well.

Kaspersky Safe Kids alerts distribution for Software, Audio, Video on Windows and macOS by region in June 2019 through May 2020

In Asia and South Asia, children who used macOS were more likely to consume audio and video content than those who used Windows. In other regions, the category’s Windows share was higher than its macOS share. In the CIS countries, children’s behavior was nearly identical on the two operating systems.

Interestingly, the distribution of countries where the share of Software, Audio, Video was the largest differs slightly from the regional breakdown.

Kaspersky Safe Kids alerts distribution for Software, Audio, Video by country in June 2019 through May 2020

Children in Belarus (50.59 percent), Japan (49.67 percent), Saudi Arabia (49.54 percent) and India (47.66 percent) favored websites that offered video and music over the past year. YouTube was the most popular video streaming service with kids anywhere in the world.

Online communication

Internet Communications predictably peaked at 27.45 percent in April 2020 as the process of switching schoolchildren to distance learning completed in most countries.

Kaspersky Safe Kids alerts distribution for Internet Communications on Windows and macOS in June 2019 through May 2020

We observe a pronounced growth from 17.87 percent in June 2019 to 36.63 percent in May 2020 on desktop computers and laptops running macOS. October’s peak was due to a reduction in the share of the Software, Audio, Video category following the macOS update.

Kaspersky Safe Kids alerts distribution for Internet Communications on Windows and macOS in June 2019 through May 2020

Internet Communications accounted for an average of 32.76 percent, with 32.17 percent in Latin America and 30.54 percent in the CIS, and the lowest recorded shares being 15.50 percent in Europe and 16.58 percent in Oceania.

Kaspersky Safe Kids alerts distribution for Internet Communications by region in June 2019 through May 2020

Kaspersky Safe Kids alerts distribution for Internet Communications by country on the average in June 2019 through May 2020

The largest proportions of children using personal computers for internet communication were recorded in Egypt, Kenya, Mexico and Russia. The lowest rates were recorded in Germany, Australia, the UK and Canada.

Starting at the beginning of 2020, the most popular sites in the Internet Communications category were skype.com, hangouts.google.com, web.whatsapp.com, meet.google.com, facebook.com, twitter.com and mail.google.com.

Computer games

Despite the fact that the share of Video Games alerts showed a downward trend in the first half of 2020, the category ranked third among the most popular website topics.

Kaspersky Safe Kids alerts distribution for Video Games on Windows and macOS in June 2019 through May 2020

Kids spent more time playing video games on Windows than macOS desktop computers and laptops. This is due to the fact that most computer games are released for the Windows operating system. However, by the end of the reporting period, macOS users’ interest in games had grown.

Kaspersky Safe Kids alerts distribution for Video Games on Windows and macOS in June 2019 through May 2020

Kids all around the world started visiting gaming sites less frequently, though. This can be explained by added activity in the form of school lessons, which relocated into the home due to the pandemic. Interestingly, the share of Video Games began to decline among Windows users starting in the fall of 2019.

While North America, Europe and Oceania did not show increased activity in Internet Communications and Software, Audio, Video, these regions had the highest shares of Video Games activity.

Kaspersky Safe Kids alerts distribution for Video Games by region in June 2019 through May 2020

According to our statistics, the UK had the highest proportion of children interested in games with 23.94 percent, followed by the US with 21.61 percent and Australia with 20.94 percent. The most popular Video Games sites in the UK and the US were blizzard.com, roblox.com, epicgames.com, discordapp.com, ubi.com, origin.com, friv.com, curseforge.com, minecraftmods.com and crazygames.com. Australia’s most popular sites in the category were roblox.com and a variety of Minecraft message boards.

Kaspersky Safe Kids alerts distribution for Video Games by country in June 2019 through May 2020

E-Commerce

E-Commerce is another category where we observed increased activity throughout the year.

Kaspersky Safe Kids alerts distribution for E-Commerce in June 2019 through May 2020

The October 2019 peak, as we said earlier, was associated with a disruption in percentage shares across categories on all platforms due to a malfunction in the new macOS. But, in November and December, kids’ interest in online shopping was also higher than in the other months. This is not surprising: November is the time of the Black Friday sales around the world, and December typically sees everyone busy picking Christmas and New Year’s presents.

Kaspersky Safe Kids alerts distribution for E-Commerce on Windows and macOS in June 2019 through May 2020

Children who used macOS spent many more hours looking at online shopping windows than their peers who used Windows.

Kaspersky Safe Kids alerts distribution for E-Commerce by region in June 2019 through May 2020

Children in Europe, North America and Oceania visited online stores and showed interest in shopping more frequently than others. The CIS, Asia and Latin America showed the lowest activity rates in the world.

Kaspersky Safe Kids alerts distribution for E-Commerce by country in June 2019 through May 2020

The leaders by share of visits to online stores were children in Germany (19.51 percent), the UAE (17.22 percent) and Canada (15.86 percent). The lowest figure was recorded in Kazakhstan (4.60 percent) and Egypt (5.18 percent).

The most visited sites in Germany were amazon.de, otto.de, ebay.com; in the UAE, amazon.ae, panemirates.com, amazon.com and luluhypermarket.com; and in Canada, amazon.ca, visions.ca and bestbuy.ca.

News

Not just adults, but kids, too, showed interest in news, especially in light of recent events. The number of children’s visits to news websites grew around the world as coverage of the pandemic began. The peak (7.26 percent) fell in March, when most children were switched to distance learning.

Kaspersky Safe Kids alerts distribution for News on Windows and macOS in June 2019 through May 2020

Windows users, in general, showed more interest in news than those who used macOS. However, in February, the figure for macOS (7.25 percent) was higher than that for Windows (6.75 percent).

Kaspersky Safe Kids alerts distribution for News on Windows and macOS in June 2019 through May 2020

Kaspersky Safe Kids alerts distribution for News by region in June 2019 through May 2020

The largest share of News among Safe Kids users was recorded in Europe (11.11 percent), where the most active news-reading countries were the UK (14.14 percent), Germany (12.75 percent), France (10.97 percent) and Italy (10.25 percent). The lowest rate was recorded in the CIS (3.17 percent) and Africa (3.96 percent).

Kaspersky Safe Kids alerts distribution for News by country in June 2019 through May 2020

Interest in news peaked in the UK and in Italy in February. Consider that the transition to distance learning in these two countries took place in late February, whereas Germany and France went through the transition in early March, and interest in news there peaked in March, too.

Adult content

Kids were interested in adult content to a lesser extent. According to the global statistics, the popularity of this category peaked in January 2020 (1.12 percent), followed by a decline to the annual average.

Kaspersky Safe Kids alerts distribution for Adult Content on Windows and macOS in June 2019 through May 2020

That said, macOS users showed greater interest in pornography than Windows users.

Kaspersky Safe Kids alerts distribution for Adult Content on Windows and macOS in June 2019 through May 2020

Though in 2019 Windows accounted for a higher percentage of alerts, the trend changed at the beginning of 2020.

Kaspersky Safe Kids alerts distribution for Adult Content by region in June 2019 through May 2020

The CIS and Europe had the largest share of users who showed interest in Adult Content: 1.07 percent and 0.83 percent, respectively. The lowest rates were recorded in the Arab world (0.18 percent) and Oceania (0.24 percent).

However, the distribution by country shows that children in Mexico had the highest interest in Adult Content: 1.72 percent.

Kaspersky Safe Kids alerts distribution for Adult Content by country in June 2019 through May 2020

They were followed by children in Russia (1.06 percent) and France (0.95 percent). Children in China were least likely to access Adult Content on desktop computers: 0.04 percent.

Summary

The world is witnessing an unprecedented demonstration of digital technology primarily helping children develop, rather than impeding their development. Online education and communication with friends and relatives are made possible only through technology developed in recent decades, which has become not just a day-to-day assistant, but a lifeline in times when leaving home and making personal contact can pose a health threat.

Data for recent months shows that children who are staying at home with constant access to the computer primarily chat and watch videos. And those are not necessarily just entertaining videos: there might be educational content amid that stream of YouTube clips.

This year, we noticed an interesting trend: children who use different operating systems diverge in their online behaviors. Kids who use macOS spend more time in online stores, show slightly more interest in adult content, chat more online and less frequently visit gaming sites. Windows users show greater interest in games and news, and visit websites with video and audio content more frequently.

We have also learned that children, like adults, pay attention to the news when the situation in the world concerns them directly. So, in the month when various countries were expecting to switch to distance learning, kids started to follow the situation more closely by going to news sites.

Today’s children, who start interacting with technology at an early age, find moving all of their day-to-day activities online much easier than adults, and they are better adapted to situations where going outside could be life-threatening. Adults tend to question certain online activity, such as communications, but in a world where it is the only safe means of social contact, comes the realization that there may be more to it!



Verizon’s 2020 DBIR | Securelist – 10 minute mail

Verizon’s 2020 DBIR is out; you can download a copy or peruse their publication online. Kaspersky was a contributor once again, and we are happy to provide generalized incident data from our unique and objective research.

We have contributed to this project and others like it for years now. This year’s ~120 page report analyses data from us and 80 other contributors from all over the world. The team provides thoughts on a mountain of breach data – “This year, we analyzed a record total of 157,525 incidents. Of those, 32,002 met our quality standards and 3,950 were confirmed data breaches”. This year, Verizon pulled in far more data on cybercrime breaches, and reports on thousands of them. We include a few interesting notes here.

  • 70% of reported breaches were perpetrated by external actors.
  • The majority of breaches do not just involve a dropped Trojan.
  • 86% of breaches were financially motivated.
  • 81% of breaches were contained in days or less.
  • Defenders are up against organized crime.
  • Almost a third of reported breaches involved ransomware.



Financial Cyberthreats in 2019 | Securelist – 10 minute mail

Methodology

Financial cyberthreats are malicious programs that target users of services such as online banking, e-money, and cryptocurrency, or that attempt to gain access to financial organizations and their infrastructure. These threats are usually accompanied by spam and phishing activities, with malicious users creating fake financial-themed pages and emails to steal victims’ credentials.

In order to study the threat landscape of the financial sector, our researchers analyzed malicious activity on the devices of individual users of Kaspersky’s security solutions. Statistics for corporate users were collected from corporate security solutions, after the customers agreed to share their data with Kaspersky.

The information obtained was compared with data for the same period in 2018 to monitor the trends in malware development.

Introduction and key findings

In 2019, we witnessed a number of significant changes in the cyberthreat landscape. Cybercriminals started to lose interest in malicious cryptocurrency mining and turned their attention to the broader topic of digital trust and privacy issues.

How did all those changes affect financial security around the world? As our report for the first half of 2019 demonstrated, there is no room for complacency – cyberthreats that aim to steal money are still out there.

Although the financial industry did not witness any major cases in 2019, the statistics show that particular categories of users and businesses are still being targeted by criminals. We have prepared this report to provide a more detailed picture of the situation.

This publication continues our series of Kaspersky reports (see here, here, and here) providing an overview of how the financial threat landscape has evolved over the years. It covers the common phishing threats that users encounter, along with Windows-based and Android-based financial malware.

Phishing:

  • In 2019, the share of financial phishing increased from 44.7% of all phishing detections to 51.4%.
  • Almost every third attempt to visit a phishing page blocked by Kaspersky products is related to banking phishing (27% share).
  • The share of phishing-related attacks on payment systems and online stores accounted for almost 17% and over 7.5% respectively in 2019. This is more or less the same as 2018 levels.
  • The share of financial phishing encountered by Mac users fell slightly, from 57.6% to 54%.

Banking malware (Windows):

  • In 2019, the number of users attacked with banking Trojans was 773,943 – a decrease compared to the 889,452 attacked in 2018.
  • 1% of users attacked with banking malware were corporate users – an increase from 24.1% in 2018.
  • Users in Russia, Germany, and China were attacked most frequently by banking malware.
  • Just four banking malware families (ZBot, RTM, Emotet, CliptoShuffler) accounted for attacks on the vast majority of users (around 87%).

Android banking malware:

  • In 2019, the number of users that encountered Android banking malware dropped to just over 675,000 from around 1.8 million.
  • Russia, South Africa, and Australia were the countries with the highest percentage of users attacked by Android banking malware.

Financial phishing

Financial phishing is one of the most popular ways for criminals to make money. It doesn’t require a lot of investment but if the criminals get the victim’s credentials, they can either be used to steal money or sold.

As our telemetry systems show, this type of activity has accounted for around half of all phishing attacks on Windows users in recent years.

The percentage of financial phishing attacks (from overall phishing attacks) detected by Kaspersky, 2014-2019

In 2019, the overall number of phishing detections stood at 467,188,119. 51.4% of those were finance-related attacks. That is the second-highest share ever registered by Kaspersky; the highest proportion of financial phishing was 53.8% in 2017.

The distribution of different types of financial phishing detected by Kaspersky in 2019

Compared to the previous year, bank-related phishing grew from a share of 21.7% to almost 30% in 2019. The other two main finance categories remained more or less at the same level.

Financial phishing on Mac

As is now customary, we also compare the above statistics with those for MacOS: while the latter has traditionally been considered a relatively secure platform when it comes to cybersecurity, nobody knows where the latest threats may strike. Moreover, phishing is an OS-agnostic activity – it is all about social engineering.

In 2018, 57.6% of phishing attacks against Mac users attempted to steal financial data. A third of those were bank-related attacks. In 2019, the overall level was slightly less – just over 54%.

In 2019, the breakdown of categories was as follows:

The distribution of different types of financial phishing detected by Kaspersky on Macs in 2019

The share of bank phishing actually grew by around 6% compared to 2018. At the same time, the E-shop category’s share dropped from around 18% to around 8%. The Payment systems category remained more or less unchanged. Overall, our data shows that the financial share of phishing attacks on Macs is also quite substantial – like that for Windows. Let’s take a closer look at both categories.

Mac vs Windows

In 2017, we discovered an interesting twist when Apple became the most frequently used brand name in the online shopping category both in the MacOS and Windows statistics, pushing Amazon down to second place for the latter platform. Even more interesting is that in 2018 Apple maintained its position in the Windows statistics, but Amazon led the MacOS statistics for the first time since we started tracking this activity. In 2019, the situation was as follows:

   Mac                            Windows
1  Apple                          Apple
2  Amazon.com: Online Shopping    Amazon.com: Online Shopping
3  eBay                           eBay
4  groupon                        Steam
5  Steam                          Americanas
6  ASOS                           groupon
7  Americanas                     MercadoLibre
8  Shopify                        Alibaba Group
9  Alibaba Group                  Allegro

The most frequently used brands in the E-shop category of financial phishing activity, 2019

What is most interesting in the table above is that the top three places appear to be OS agnostic and are the same for both Mac and Windows.

When it comes to attacks on users of payment systems, the situation is as follows:

   Mac                            Windows
1  PayPal                         Visa Inc.
2  MasterCard International       PayPal
3  American Express               MasterCard International
4  Visa Inc.                      American Express
5  Authorize.Net                  Cielo S.A.
6  Stripe                         Stripe
7  Cielo S.A.                     Authorize.Net
8  adyen payment system           adyen payment system
9  Neteller                       Alipay

The most frequently used brands in the Payment systems category of financial phishing activity, 2019

The data above can be viewed as a warning to users of the corresponding systems: they illustrate to what extent malicious users exploit these well-known names to fraudulently obtain payment card details as well as online banking and payment system credentials.

Phishing campaign themes

The list of 2019 phishing campaigns covered below includes the usual suspects: fake versions of online banking and payment systems or web pages mimicking internet stores.

A phishing page masquerading as a payment service

Phishing pages masquerading as payment service pages

Phishing pages masquerading as e-store pages

Of course, by clicking a link or entering credentials on pages like these, a user will not be accessing their account – they will be passing on important personal information to the fraudsters.

Some of the most common scams used to trick users include messages that refer to the hacking or blocking of an account or offers of incredible bargains.

Banking malware on PCs

For clarity, when discussing financial malware in this paper we mean typical banking Trojans designed to steal the credentials used to access online banking or payment system accounts and to intercept one-time passwords. Kaspersky has been monitoring this particular type of malware for a number of years:

The number of users attacked with banking malware, 2016-2018

As we can see, throughout 2016 there was a steady growth in the number of users attacked with bankers – following downward trends in 2014 and 2015. 2017 and the first half of 2018 saw a return to a downward trend. The number of attacked users worldwide fell from 1,088,933 in 2016 to 767,072 in 2017 – a decline of almost 30%.

Below are the figures for 2019.

The number of users attacked with banking malware 2019

In 2019, the number of users attacked with banking Trojans stood at 773,943 – a slight decrease compared to 889,452 in 2018.

The geography of attacked users

As shown in the charts below, more than half of all users attacked with banking malware in 2018 and 2019 were located in just 10 countries.

The geographic distribution of users attacked with banking malware in 2018

The geographic distribution of users attacked with banking malware in 2019

In 2019, Russia’s share increased and accounted for over one-third of attacks. Germany remained in second place, while China ended the year in third place.

The type of users attacked

It is also interesting to look at the consumer/corporate split in victimology.

The distribution of attacked users by type in 2018-2019

The main actors and developments

For years, the banking malware landscape has been dominated by several major players.

The distribution of the most widespread banking malware families in 2018

In 2018, we saw the major players decreasing their attacks – Zbot fell to 26.4% and Gozi to a little over 20%. 2019 produced the following situation.

The distribution of the most widespread banking malware families in 2019

Zbot is still the most widespread malware, while second and third places are occupied by RTM and Emotet. Gozi dropped out of the top three, ending the year in sixth place.

Mobile banking malware

In 2018, we reviewed the methodology behind the mobile section of this report. We had previously analyzed Android banking malware statistics using KSN data sent by the Kaspersky Internet Security for Android solution. But as Kaspersky developed new mobile security solutions and technologies, the statistics gathered from one product alone became less relevant. That is why we decided to shift to expanded data, gathered from multiple mobile solutions. The data for 2016 and 2017 in this report was recalculated using the new methodology.

The change in the number of users attacked with Android banking malware, 2016-2019

In 2019 the number of users that encountered Android banking malware dropped to 675,000 from around 1.8 million in 2018.

To get a clearer picture of what is behind these dramatic changes we took a closer look at the landscape and reviewed the most widespread families across the year. In 2018, the situation was as follows:

The most widespread Android banking malware in 2018

Asacub’s share more than doubled YoY to almost 60%, followed by Agent (14.28%) and Svpeng (13.31%). All three experienced explosive growth in 2018, especially Asacub, which jumped from 146,532 attacked users in 2017 to 1,125,258.

The most widespread Android banking malware in 2019

In 2019, there was almost no change among the most widespread families. The Asacub family was the only exception – it conceded some of its share to its nearest competitors. However, it still accounted for almost half of all attacks.

Geography of attacked users

In previous reports, we calculated the distribution of users attacked with Android banking Trojans by comparing the overall number of unique users attacked by this type of malware with the overall number of users in a region. There was always one problem – the majority of detections in Russia traditionally came from this malicious software due to the prevalence of SMS banking in the region, which allowed attackers to steal money with a simple text message if an infection was successful. Previously, the same was true for SMS Trojans, but after regulatory measures, criminals found a new way to capitalize on victims in Russia.

In 2018, we decided to change the methodology and replaced the overall number of attacked unique users with the share of unique users that faced this threat from the overall number of users registered in the respective region.

The picture for 2018 was as follows:

Percentage of Android users who encountered banking malware by country, 2018

The top 10 countries with the highest percentage of users that encountered Android banking malware in 2018:

Russia 2.32%
South Africa 1.27%
US 0.82%
Australia 0.71%
Armenia 0.51%
Poland 0.46%
Moldova 0.44%
Kyrgyzstan 0.43%
Azerbaijan 0.43%
Georgia 0.42%

In 2019 it changed to:

Percentage of Android users who encountered banking malware by country, 2019

The top 10 countries with the highest percentage of users that encountered Android banking malware in 2019:

Russian Federation 0.72%
South Africa 0.66%
Australia 0.59%
Spain 0.29%
Tajikistan 0.21%
Turkey 0.20%
US 0.18%
Italy 0.17%
Ukraine 0.17%
Armenia 0.16%

Australia replaced the US in the top three. Also of interest is the fact that the average percentage fell for all countries – in some cases a two-digit decrease can be seen.

Major changes to the Android banking malware landscape

While the figures tell their own story, there are many more ways to explore the changes and developments in the threat landscape. Our key method is the analysis of actual malware found in the wild.

As this analysis shows, 2019 was a relatively stable year when it comes to malicious mobile software. One point of interest, however, may be a new technique that we recently observed with Ginp and Cerberus Trojans.

At the very beginning of 2020, we found a new version of the Ginp banking Trojan, which was first discovered by a Kaspersky analyst in 2019. Apart from the standard functions of an Android banker – the ability to intercept and send text messages, and perform window overlays – the new version includes a highly unconventional function: inserting fake text messages into the inbox of a standard SMS app.

These messages are made to look like notifications from reputable app vendors informing users about an undesirable event (blocked account access, for example). In order to resolve the issue, the user is requested to open the application. Once the victim does that, the Trojan overlays the original window and asks the user to enter their credit card or bank account details, which then end up in the hands of cybercriminals.

We subsequently detected a rise in a technique used by the infamous Cerberus banker on Android devices. This malware increasingly produces fake push notifications to users on behalf of several banking applications. The detected messages urge Polish-speaking targets to open applications and check their cards and bank accounts by entering their login credentials. This technique is on the rise with more fake notifications being produced on behalf of more and more banking applications.

Conclusion and advice

2019 has demonstrated that cybercriminals continue to update their malware with new features, investing resources in new distribution methods and techniques to avoid detection. The increase in banking Trojan activity targeting corporate users is also of concern as such attacks could bring more problems than attacks on ordinary users.

This all means that malicious users are still gaining financially from their activities.

As the above threat data shows, there is still plenty of motivation for financial fraud operations involving phishing and specialized banking malware. At the same time, mobile malware regained its ability to jeopardize users across the world.

To avoid losing money as a result of a cyberattack, Kaspersky experts advise the following.

To protect against financial threats, Kaspersky recommends that users:

  • Only install applications from trusted sources such as official stores;
  • Check what access rights and permissions the application requests – if they do not correspond to what the program is designed to do, then it should be questioned;
  • Do not follow links in spam messages and do not open documents attached to them;
  • Install a reliable security solution – such as Kaspersky Security Cloud – that protects against a wide range of threats. The service also incorporates the Permission Checker feature for Android that allows users to see which applications have access to a device’s camera, microphone, location and other private information and restrict them if necessary.
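The permission check recommended in the list above, as an added example (not from the original report and not Kaspersky's code): it parses a decoded AndroidManifest.xml and flags requested capabilities that do not match what the app is designed to do, using the standard banker functions the report names (intercepting and sending text messages, window overlays). The purpose baseline, the function names and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities the report lists as standard for an Android banker,
# mapped to the Android permissions that grant them.
CAPABILITIES = {
    "intercept SMS": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "send SMS": {"android.permission.SEND_SMS"},
    "window overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
}

# Hypothetical baseline: capabilities each app purpose plausibly needs.
EXPECTED = {
    "messaging": {"intercept SMS", "send SMS"},
    "flashlight": set(),
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def audit(manifest_xml, purpose):
    """List capabilities the app requests but its stated purpose does not need."""
    perms = requested_permissions(manifest_xml)
    granted = {cap for cap, names in CAPABILITIES.items() if perms & names}
    unexpected = sorted(granted - EXPECTED.get(purpose, set()))
    # SMS interception together with overlays is the combination the report describes.
    banker_like = {"intercept SMS", "window overlay"} <= granted
    return {"unexpected": unexpected, "banker_like": banker_like}

# Constructed sample manifest (decoded text form, e.g. as produced by apktool).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
</manifest>"""

if __name__ == "__main__":
    print(audit(SAMPLE, "flashlight"))
```

A legitimate messaging app also requests the SMS permissions, so the result is a prompt for review against the app's purpose, not a verdict.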

To protect your business from financial malware, Kaspersky security specialists recommend:

  • Introducing cybersecurity awareness training for your employees, particularly those who are responsible for accounting, to teach them how to distinguish phishing attacks: do not open attachments or click on links from unknown or suspicious addresses;
  • Explaining to users the risk of installing programs from unknown sources. For critical user profiles, such as those in financial departments, switch on default-deny mode for web resources to ensure they can only access legitimate sites;
  • Installing the latest updates and patches for all the software you use;
  • Enabling protection at the level of internet gateways as it shields from many financial and other threats even before they reach employee endpoints. Kaspersky Security for Internet Gateways protects all devices in the corporate network from phishing, banking Trojans and other malicious payloads;
  • Using mobile protection solutions or corporate internet traffic protection to ensure employee devices are not exposed to financial and other threats. The latter helps protect even those devices for which antivirus is unavailable;
  • Implementing an EDR solution such as Kaspersky Endpoint Detection and Response for endpoint level detection, investigation and timely remediation of incidents. It can even catch unknown banking malware;
  • Integrating Threat Intelligence into your SIEM and security controls in order to access the most relevant and up-to-date threat data.

