In 2024, as digital financial transactions continued to expand worldwide, cybercriminals shifted their focus towards mobile devices and crypto assets. According to Kaspersky’s new Financial Cyberthreats report, the number of users encountering mobile banking Trojans rose 3.6 times compared to 2023, while crypto related phishing detections climbed by 83.4%. Meanwhile, PC focused malware saw a decline in traditional banking attacks but a surge in crypto asset theft. This data comes from Kaspersky’s new Financial Cyberthreats report for 2024.

Financial Phishing

In 2024, online fraudsters continued to lure users to phishing and scam pages that mimicked the websites of popular brands and financial organisations.

Banks were the most popular lure in 2024, accounting for 42.6% of financial phishing attempts (compared to 38.5% in 2023). Amazon Online Shopping was mimicked by 33.2% of all phishing and scam pages targeting online store users in 2024, making it the most popular online brand target for fraudsters. Apple’s share of attacks dropped nearly 3 percentage points from last year’s figure to 15.7%, while Netflix scams grew slightly to 16%. Meanwhile, fraudsters' interest in the Alibaba marketplace increased, with its share rising from 3.2% in 2023 to 8% in 2024.

Payment systems were mimicked in 19.3% of financial phishing attacks detected and blocked by Kaspersky products in 2024 (19.9% in 2023). Once again, PayPal was the most targeted brand; however, the ratio of attacks related to it fell from 54.7% to 37.5%. Attacks targeting Mastercard, on the other hand, nearly doubled from 16.6% in 2023 to 30.5% in 2024. American Express and Cielo are the new entrants to the top five, replacing Visa, Interac, and PayPay.

In 2024, the number of phishing and scam attacks related to cryptocurrencies saw a substantial increase. Kaspersky anti-phishing technologies prevented 10,706,340 attempts to follow a cryptocurrency-themed phishing link, an 83.4% increase over the 2023 figure of 5,838,499. As cryptocurrency popularity continues to grow, the number of attacks is only likely to increase.

Financial Malware for PCs

While the number of users encountering mobile banking malware increased, the share of those affected by financial PC malware decreased from 312,453 in 2023 to 199,204 in 2024. Currently, most financial PC malware detected by Kaspersky is targeting not online banking but crypto assets. The banking Trojans most often detected in 2024 included ClipBanker (62.9%), Grandoreiro (17.1%), CliptoShuffler (9.5%), and BitStealer (1.3%). Grandoreiro is a full-fledged banking Trojan that targeted 1,700 banks and 276 crypto wallets in 45 countries and territories worldwide in 2024.

Among the top 20 countries by the share of users affected by financial malware for PCs were Turkmenistan (8.8%), Tajikistan (6.2%), Kazakhstan (2.5%), Switzerland (2.3%), Kyrgyzstan (2.2%), Mexico (1.6%), Argentina (1.1%), Paraguay (1.1%), and Uruguay (1%).

Mobile Financial Threats

In 2024, the number of users encountering mobile banking Trojans grew 3.6 times compared to 2023: from 69,200 to 247,949, with malicious activity significantly increasing in the second half of 2024. The most active Trojan-Banker family in 2024 was Mamont (36.7%). Its distribution schemes ranged from simple scams to complex social engineering plots involving fake stores and delivery tracking apps.

Türkiye remained the country most targeted by mobile banking malware. The share of users encountering financial threats there grew by almost 3 percentage points, reaching 5.7%. Malicious activity also increased in Indonesia (2.7% of all users per country affected), India (2.4%), Azerbaijan (0.9%), Uzbekistan (0.6%), and Malaysia (0.3%).

“In 2024, financial phishing and scams increased in both number and sophistication, unleashing waves of attacks on users. Fraudsters are increasingly leveraging fake brands and services to obtain user data, and the popularity of smartphones for financial transactions only fuels their appetite. Looking ahead, we expect financial phishing to become even more personalised and targeted, focusing on exploiting vulnerabilities in everyday digital habits, which will demand increased vigilance and comprehensive protection,” comments Olga Svistunova, Senior Web Content Analyst at Kaspersky.

Kaspersky Recommends the Following Tips to Stay Protected

For individual users:

• Use multifactor authentication and strong, unique passwords.

• Do not follow links from suspicious messages and double-check web pages before entering your credentials or banking card details.

• Use reliable security solutions capable of detecting and stopping both malware and phishing attacks.

• Download apps only from trusted sources, such as official app marketplaces. However, it’s not always risk-free either. Kaspersky recently discovered SparkCat, the first screenshot-stealing malware to bypass the App Store's security. The malware was also found on Google Play, with a total of 20 infected apps across both platforms, proving that these stores are not 100% foolproof. Always check app reviews.

• Check the permissions of apps that you use and think carefully before permitting an app, especially when it comes to high-risk permissions such as Accessibility Services.

For businesses:

• Update your software in a timely manner, with particular attention to security patches.

• Regularly improve your employees’ security awareness and encourage safe practices, such as proper account protection.

• Implement robust monitoring and cybersecurity solutions.

• Implement strict security policies for users with access to financial assets, such as default deny policies and network segmentation.

• Use threat intelligence services from trusted sources to stay aware of the latest threats and cybercrime trends./.