{"id":107978,"date":"2022-11-18T08:05:33","date_gmt":"2022-11-18T08:05:33","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/securelist\/?p=107978"},"modified":"2022-11-18T06:17:52","modified_gmt":"2022-11-18T06:17:52","slug":"it-threat-evolution-in-q3-2022-mobile-statistics","status":"publish","type":"post","link":"https:\/\/securelist.com\/it-threat-evolution-in-q3-2022-mobile-statistics\/107978\/","title":{"rendered":"IT threat evolution in Q3 2022. Mobile statistics"},"content":{"rendered":"<ul>\n<li><a href=\"https:\/\/securelist.com\/it-threat-evolution-q3-2022\/107957\/\" rel=\"noopener\" target=\"_blank\">IT threat evolution in Q3\u00a02022<\/a><\/li>\n<li><a href=\"https:\/\/securelist.com\/it-threat-evolution-in-q3-2022-non-mobile-statistics\/107963\/\" rel=\"noopener\" target=\"_blank\">IT threat evolution in Q3\u00a02022. Non-mobile statistics<\/a><\/li>\n<li><strong>IT threat evolution in Q3\u00a02022. Mobile statistics<\/strong><\/li>\n<\/ul>\n<p><em>These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data.<\/em><\/p>\n<h2 id=\"quarterly-figures\">Quarterly figures<\/h2>\n<p>According to Kaspersky Security Network, in Q3\u00a02022:<\/p>\n<ul>\n<li>A total of 5,623,670 mobile malware, adware, and riskware attacks were blocked.<\/li>\n<li>Droppers (Trojan-Dropper), accounting for 26.28% of detections, were the most common threat to mobile devices.<\/li>\n<li>438,035 malicious installation packages were detected, of which:\n<ul>\n<li>35,060 packages were related to mobile banking Trojans,<\/li>\n<li>2,310 packages were mobile ransomware Trojans.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2 id=\"quarterly-highlights\">Quarterly highlights<\/h2>\n<p>Judging by the number of attacks on mobile devices, cybercriminal activity stabilized in Q3 2022 after a gradual drop in the previous quarters. Over the three months, Kaspersky products prevented a total of 5.6 million mobile malware, adware, and riskware attacks.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/vsv8EIKPMhWRyubmwIA9\" data-type=\"interactive\" data-title=\"01 EN-RU-ES Malware report Q3 2022 non-PC stat\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Number of attacks targeting users of Kaspersky mobile solutions, Q1\u00a02021\u00a0\u2014 Q3\u00a02022 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2022\/11\/16230354\/01-en-ru-es-malware-report-q3-2022-non-pc-stat.png\">download<\/a>)<\/em><\/p>\n<p>The new <a href=\"https:\/\/securelist.com\/malicious-whatsapp-mod-distributed-through-legitimate-apps\/107690\/\" target=\"_blank\" rel=\"noopener\">Triada Trojan, discovered inside a modified WhatsApp build<\/a>, was an interesting find. It was notable for spreading via ads inside the popular Snaptube app and through the Vidmate internal store. Once on a device, the Trojan decrypts and runs a payload, which downloads and runs further malicious modules. The modules can display ads, subscribe the user to paid services, or download and run other malicious modules. Besides that, the Trojan steals various keys from the legitimate WhatsApp, potentially hijacking the account.<\/p>\n<p>The <a href=\"https:\/\/www.kaspersky.com\/blog\/harly-Trojan-subscriber\/45573\/\" target=\"_blank\" rel=\"noopener\">Harly<\/a> Trojan subscribers were another malware family spread via legitimate channels. These are published in Google Play under the guise of authentic apps, subscribing the unknowing user to paid services once installed. We have discovered 200 malicious applications of this type starting in 2020, and a total count of installations at the time of writing this report had exceeded 5 million.<\/p>\n<p style=\"text-align: center\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2022\/11\/16230825\/Malware_report_Q3_2022_mobile_stat.png\" class=\"magnificImage\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter size-full wp-image-107990\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2022\/11\/16230825\/Malware_report_Q3_2022_mobile_stat.png\" alt=\"One of the most recently detected Harly-type apps in Google Play, with more than 50,000 installations.\" width=\"382\" height=\"835\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2022\/11\/16230825\/Malware_report_Q3_2022_mobile_stat.png 382w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2022\/11\/16230825\/Malware_report_Q3_2022_mobile_stat-137x300.png 137w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2022\/11\/16230825\/Malware_report_Q3_2022_mobile_stat-80x175.png 80w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2022\/11\/16230825\/Malware_report_Q3_2022_mobile_stat-229x500.png 229w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2022\/11\/16230825\/Malware_report_Q3_2022_mobile_stat-128x280.png 128w\" sizes=\"(max-width: 382px) 100vw, 382px\" \/><\/a><\/p>\n<p style=\"text-align: center\"><strong><em>One of the most recently detected Harly-type apps in Google Play, with more than 50,000 installations.<\/em><\/strong><\/p>\n<p>Google Play keeps getting new banking Trojans, such as <a href=\"https:\/\/blog.fox-it.com\/2022\/09\/02\/sharkbot-is-back-in-google-play\/\" target=\"_blank\" rel=\"noopener\">new versions of the Trojan dropper that downloads and runs Sharkbot<\/a>.<\/p>\n<p>Despite a general decline in the number of mobile attacks, we can see that cybercriminals are using increasingly smarter tricks to deliver malware to user devices.<\/p>\n<h2 id=\"mobile-threat-statistics\">Mobile threat statistics<\/h2>\n<p>In Q3 2022, Kaspersky detected 438,035 malicious installation packages, which is 32,351 more than in the previous quarter and down 238,155 against Q3 2021.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/PQbDcl6YDuz3SYmXUg9A\" data-type=\"interactive\" data-title=\"02 EN-RU-ES Malware report Q3 2022 non-PC stat\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Number of detected malicious installation packages, Q3\u00a02021\u00a0\u2014 Q3\u00a02022 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2022\/11\/16230437\/02-en-ru-es-malware-report-q3-2022-non-pc-stat.png\">download<\/a>)<\/em><\/p>\n<h3 id=\"distribution-of-detected-mobile-malware-by-type\">Distribution of detected mobile malware by type<\/h3>\n<div class=\"js-infogram-embed\" data-id=\"_\/tjiQ7h8J880tcJ66KSXd\" data-type=\"interactive\" data-title=\"03 EN Malware report Q3 2022 non-PC stat\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Distribution of newly detected mobile malware by type, Q2 and Q3 2022 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2022\/11\/16230501\/03-en-malware-report-q3-2022-non-pc-stat.png\">download<\/a>)<\/em><\/p>\n<p>Threats in the Trojan-Dropper class ranked first among all threats detected in Q3, with 26.28%, exceeding the previous quarter&#8217;s figure by 22.15 percentage points. Nearly half (45.33%) of all detected threats of that type belonged to the Ingopack family. These were followed by banking Trojan droppers from Wroba (41.24%) and Hqwar families (5.98%).<\/p>\n<p>AdWare, the ex-leader, moved 2.5 percentage points down the rankings to second place with a share of 22.78%. A fourth of all detected threats of that class belonged to the Aldo family (25.64%).<\/p>\n<p>Third place was taken by various Trojans with a cumulative share of 16.01%, which was 4.48 percentage points lower than in the previous quarter. Half of all detected threats of that class were objects from the Boogr family (50.16%).<\/p>\n<h3 id=\"top-20-mobile-malware-programs\">Top 20 mobile malware programs<\/h3>\n<p><em>Note that the malware rankings below exclude riskware or PUAs, such as RiskTool or adware.<\/em><\/p>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"10%\"><\/td>\n<td width=\"50%\"><strong>Verdict <\/strong><\/td>\n<td width=\"40%\"><strong>%*<\/strong><\/td>\n<\/tr>\n<tr>\n<td>1<\/td>\n<td>DangerousObject.Multi.Generic<\/td>\n<td>22.58<\/td>\n<\/tr>\n<tr>\n<td>2<\/td>\n<td>Trojan.AndroidOS.Generic<\/td>\n<td>14.59<\/td>\n<\/tr>\n<tr>\n<td>3<\/td>\n<td>Trojan-Spy.AndroidOS.Agent.aas<\/td>\n<td>8.51<\/td>\n<\/tr>\n<tr>\n<td>4<\/td>\n<td>Trojan-SMS.AndroidOS.Fakeapp.d<\/td>\n<td>6.95<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>Trojan.AndroidOS.GriftHorse.l<\/td>\n<td>5.57<\/td>\n<\/tr>\n<tr>\n<td>6<\/td>\n<td>Trojan-Dropper.AndroidOS.Hqwar.hd<\/td>\n<td>2.94<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>DangerousObject.AndroidOS.GenericML<\/td>\n<td>2.90<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>Trojan-Dropper.AndroidOS.Wroba.o<\/td>\n<td>2.46<\/td>\n<\/tr>\n<tr>\n<td>9<\/td>\n<td>Trojan-Dropper.AndroidOS.Agent.sl<\/td>\n<td>2.21<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>Trojan-Downloader.AndroidOS.Necro.d<\/td>\n<td>1.93<\/td>\n<\/tr>\n<tr>\n<td>11<\/td>\n<td>Trojan-Dropper.AndroidOS.Agent.rv<\/td>\n<td>1.84<\/td>\n<\/tr>\n<tr>\n<td>12<\/td>\n<td>Trojan-Banker.AndroidOS.Bian.h<\/td>\n<td>1.71<\/td>\n<\/tr>\n<tr>\n<td>13<\/td>\n<td>Trojan-Downloader.AndroidOS.Agent.kx<\/td>\n<td>1.69<\/td>\n<\/tr>\n<tr>\n<td>14<\/td>\n<td>Trojan-Dropper.AndroidOS.Hqwar.hc<\/td>\n<td>1.66<\/td>\n<\/tr>\n<tr>\n<td>15<\/td>\n<td>Trojan.AndroidOS.Hiddad.hh<\/td>\n<td>1.52<\/td>\n<\/tr>\n<tr>\n<td>16<\/td>\n<td>Trojan.AndroidOS.GriftHorse.ah<\/td>\n<td>1.45<\/td>\n<\/tr>\n<tr>\n<td>17<\/td>\n<td>Trojan-SMS.AndroidOS.Agent.ado<\/td>\n<td>1.41<\/td>\n<\/tr>\n<tr>\n<td>18<\/td>\n<td>Trojan-Dropper.AndroidOS.Hqwar.gen<\/td>\n<td>1.39<\/td>\n<\/tr>\n<tr>\n<td>19<\/td>\n<td>Trojan-Dropper.AndroidOS.Triada.az<\/td>\n<td>1.35<\/td>\n<\/tr>\n<tr>\n<td>20<\/td>\n<td>Trojan.AndroidOS.Soceng.f<\/td>\n<td>1.33<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Unique users attacked by this malware as a percentage of all attacked users of Kaspersky mobile solutions.<\/em><\/p>\n<p>First and second places went to DangerousObject.Multi.Generic (22.58%) and Trojan.AndroidOS.Generic (14.59%), respectively, which are verdicts we use for malware detected with <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/wiki-section\/products\/big-data-the-astraea-technology\" target=\"_blank\" rel=\"noopener\">cloud technology<\/a>. Cloud technologies are used when the antivirus databases lack data for detecting a piece of malware, but the company&#8217;s cloud already contains information about the object. This is essentially how the latest malware types are detected.<\/p>\n<p>Trojan-Spy.AndroidOS.Agent.aas (8.51%), an evil twin of WhatsApp with a spy module built in, rose to third position. Trojan-SMS.AndroidOS.Fakeapp.d slid from second to fourth place with 6.95%. This malware is capable of sending text messages and calling predefined numbers, displaying ads and hiding its icon. Members of the Trojan.AndroidOS.GriftHorse family, which subscribe the user to premium SMS services, took fifth and sixteenth places.<\/p>\n<p>Malware from the Trojan-Dropper.AndroidOS.Hqwar family, used for unpacking and running various banking Trojans, occupied sixth, fourteenth, and eighteenth places. These attacked a combined 6% of all users who encountered malware.<\/p>\n<p>The verdict of DangerousObject.AndroidOS.GenericML came seventh with 2.90%. This verdict is assigned to files recognized as malicious by our <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/wiki-section\/products\/machine-learning-in-cybersecurity\" target=\"_blank\" rel=\"noopener\">machine-learning<\/a> systems. Eighth place was occupied by Trojan-Dropper.AndroidOS.Agent.sl (2.46%), a dropper that unpacks and runs the banking Trojan from the <a href=\"https:\/\/securelist.com\/roaming-mantis-reaches-europe\/105596\/\" target=\"_blank\" rel=\"noopener\">Roaming Mantis<\/a> campaign. Roaming Mantis mainly attacks users in Japan and France. Another banking Trojan dropper, Trojan-Dropper.AndroidOS.Agent.sl, sunk to ninth place with 2.21%.<\/p>\n<p>Trojan-Downloader.AndroidOS.Necro.d, used for downloading and running other forms of malware on infected devices, jumped from sixteenth to tenth place with 1.93%. Trojan-Dropper.AndroidOS.Agent.rv, a dropper that unpacks and runs various types of malware, took eleventh place with 1.84%.<\/p>\n<p>Twelfth place saw the arrival of the banking Trojan, Trojan-Banker.AndroidOS.Bian.h, with 1.71%. Trojan-Downloader.AndroidOS.Agent.kx, an adware dropper, accounted for 1.69%, climbed from twentieth to thirteenth place. Trojan.AndroidOS.Hiddad.hh, an adware Trojan that mostly attacks users in Russia, Kazakhstan, and Ukraine, was fifteenth with 1.52%.<\/p>\n<p>Trojan-SMS.AndroidOS.Agent.ado, known for sending text messages to premium-rate shortcodes, remained seventeenth with 1.41%. Nineteenth place, with 1.35%, was occupied by Trojan-Dropper.AndroidOS.Triada.az, a type of malware that decrypts and runs a payload capable of displaying ads on the lock screen, opening new browser tabs, gathering device information, and dropping other malicious code.<\/p>\n<p>The last in the rankings (previously thirteenth) is Trojan.AndroidOS.Soceng.f with 1,33%. It sends text messages to the user&#8217;s contacts, deletes files on the memory card, and overlays the interfaces of popular apps with its own window.<\/p>\n<h3 id=\"geography-of-mobile-threats\">Geography of mobile threats<\/h3>\n<p><strong>TOP 10 countries and territories by share of users attacked by mobile malware<\/strong><\/p>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"10%\"><\/td>\n<td width=\"50%\"><strong>Countries and territories*<\/strong><\/td>\n<td width=\"40%\"><strong>%**<\/strong><\/td>\n<\/tr>\n<tr>\n<td>1<\/td>\n<td>Iran<\/td>\n<td>81.37<\/td>\n<\/tr>\n<tr>\n<td>2<\/td>\n<td>Yemen<\/td>\n<td>18.91<\/td>\n<\/tr>\n<tr>\n<td>3<\/td>\n<td>Saudi Arabia<\/td>\n<td>12.68<\/td>\n<\/tr>\n<tr>\n<td>4<\/td>\n<td>Oman<\/td>\n<td>11.99<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>Algeria<\/td>\n<td>11.93<\/td>\n<\/tr>\n<tr>\n<td>6<\/td>\n<td>Kenya<\/td>\n<td>11.42<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>Nigeria<\/td>\n<td>10.72<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>India<\/td>\n<td>10.65<\/td>\n<\/tr>\n<tr>\n<td>9<\/td>\n<td>Egypt<\/td>\n<td>9.39<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>Ecuador<\/td>\n<td>8.66<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Countries and territories with relatively few users of Kaspersky mobile security solutions (under 10,000) have been excluded from the rankings.<\/em><br \/>\n<em>** Unique users attacked as a percentage of all users of Kaspersky mobile security solutions in the country.<\/em><\/p>\n<p>The countries with the largest shares of attacked users and the most widespread threats in these regions remained unchanged in Q3 2022.<\/p>\n<p>Iran came first with a record 81.37%, still plagued by the annoying adware modules from the AdWare.AndroidOS.Notifyer and AdWare.AndroidOS.Fyben families. Yemen, where users were attacked mostly by Trojan-Spy.AndroidOS.Agent.aas, stayed at second place with 18,91%. In Saudi Arabia, which came third with 12.68%, users most commonly encountered adware from the AdWare.AndroidOS.Adlo and AdWare.AndroidOS.Fyben families.<\/p>\n<h2 id=\"mobile-banking-trojans\">Mobile banking Trojans<\/h2>\n<p>The number of detected installation packages for mobile banking Trojans dropped to <strong>35,060<\/strong>. This figure represents a decrease of 20,554 from Q2 2022, but a decrease of 22,963 from Q3 2021.<\/p>\n<p>Two-thirds (66.20%) of the detected banking Trojan installation packages belonged to the Trojan-Banker.AndroidOS.Bray family. These were followed by Trojan-Banker.AndroidOS.Bian with 5,46% and Trojan-Banker.AndroidOS.Fakecalls with 4,59%.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/Yvr5T9uAyxHMhnNoPJRF\" data-type=\"interactive\" data-title=\"05 EN-RU-ES Malware report Q3 2022 non-PC stat\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Number of installation packages for mobile banking Trojans detected by Kaspersky, Q3\u00a02021\u00a0\u2014 Q3\u00a02022 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2022\/11\/16230536\/05-en-ru-es-malware-report-q3-2022-non-pc-stat.png\">download<\/a>)<\/em><\/p>\n<p><strong>Top 10 most common mobile bankers<\/strong><\/p>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"10%\"><\/td>\n<td width=\"50%\"><strong>Verdict<\/strong><\/td>\n<td width=\"40%\"><strong>%*<\/strong><\/td>\n<\/tr>\n<tr>\n<td>1<\/td>\n<td>Trojan-Banker.AndroidOS.Bian.h<\/td>\n<td>29.61<\/td>\n<\/tr>\n<tr>\n<td>2<\/td>\n<td>Trojan-Banker.AndroidOS.Anubis.t<\/td>\n<td>10.67<\/td>\n<\/tr>\n<tr>\n<td>3<\/td>\n<td>Trojan-Banker.AndroidOS.Svpeng.q<\/td>\n<td>7.72<\/td>\n<\/tr>\n<tr>\n<td>4<\/td>\n<td>Trojan-Banker.AndroidOS.Gustuff.d<\/td>\n<td>5.35<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>Trojan-Banker.AndroidOS.Asacub.ce<\/td>\n<td>4.18<\/td>\n<\/tr>\n<tr>\n<td>6<\/td>\n<td>Trojan-Banker.AndroidOS.Agent.eq<\/td>\n<td>3.94<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>Trojan-Banker.AndroidOS.Agent.ep<\/td>\n<td>3.21<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>Trojan-Banker.AndroidOS.Agent.cf<\/td>\n<td>2.51<\/td>\n<\/tr>\n<tr>\n<td>9<\/td>\n<td>Trojan-Banker.AndroidOS.Faketoken.z<\/td>\n<td>2.12<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>Trojan-Banker.AndroidOS.Hqwar.t<\/td>\n<td>2.08<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Unique users attacked by this malware as a percentage of all Kaspersky mobile security solution users who encountered banking threats.<\/em><\/p>\n<p>The three most-attacked countries in terms of affected users remained the same as in Q2 2022.<\/p>\n<h3 id=\"geography-of-mobile-bankers\">Geography of mobile bankers<\/h3>\n<p><strong>TOP 10 countries and territories by shares of users attacked by mobile banking Trojans<\/strong><\/p>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"10%\"><\/td>\n<td width=\"50%\"><strong>Countries and territories*<\/strong><\/td>\n<td width=\"40%\"><strong>%**<\/strong><\/td>\n<\/tr>\n<tr>\n<td>1<\/td>\n<td>Saudi Arabia<\/td>\n<td>1.36<\/td>\n<\/tr>\n<tr>\n<td>2<\/td>\n<td>Spain<\/td>\n<td>1.05<\/td>\n<\/tr>\n<tr>\n<td>3<\/td>\n<td>Australia<\/td>\n<td>0.79<\/td>\n<\/tr>\n<tr>\n<td>4<\/td>\n<td>Turkey<\/td>\n<td>0.41<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>Switzerland<\/td>\n<td>0.20<\/td>\n<\/tr>\n<tr>\n<td>6<\/td>\n<td>Japan<\/td>\n<td>0.11<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>France<\/td>\n<td>0.08<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>Colombia<\/td>\n<td>0.08<\/td>\n<\/tr>\n<tr>\n<td>9<\/td>\n<td>South Korea<\/td>\n<td>0.07<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>Italy<\/td>\n<td>0.04<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Countries and territories with relatively few users of Kaspersky mobile security solutions (under 10,000) have been excluded from the rankings.<\/em><br \/>\n<em>** Unique users attacked by mobile banking Trojans as a percentage of all Kaspersky mobile security solution users in the country.<\/em><\/p>\n<p>Saudi Arabia had the largest share (1.36%) of unique users who came across mobile financial threats in Q3 2022. Trojan-Banker.AndroidOS.Bian.h accounted for more than 99% of attacks in that country. Spain, formerly the hardest-hit country, had the second largest share (1.05%), with 93.46% of attacks linked to the same malware type. Australia again had the third-largest (0.79%) share, with 98.27% of attacks there involving Trojan-Banker.AndroidOS.Gustuff.d.<\/p>\n<h2 id=\"mobile-ransomware-trojans\">Mobile ransomware Trojans<\/h2>\n<p>We detected <strong>2,310<\/strong> mobile Trojan ransomware installers in Q3 2022, a decrease of 1,511 from Q2 2022 and a decrease of 3,847 year on year.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/9DKugbHeQMoEmIDLVSN6\" data-type=\"interactive\" data-title=\"07 EN-RU-ES Malware report Q3 2022 non-PC stat\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Number of installation packages for mobile ransomware Trojans detected by Kaspersky, Q3\u00a02021\u00a0\u2014 Q3\u00a02022 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2022\/11\/16230605\/07-en-ru-es-malware-report-q3-2022-non-pc-stat.png\">download<\/a>)<\/em><\/p>\n<p><strong>Top 10 most common mobile ransomware<\/strong><\/p>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"10%\"><\/td>\n<td width=\"50%\"><strong>Verdict<\/strong><\/td>\n<td width=\"40%\"><strong>%*<\/strong><\/td>\n<\/tr>\n<tr>\n<td>1<\/td>\n<td>Trojan-Ransom.AndroidOS.Pigetrl.a<\/td>\n<td>58.73<\/td>\n<\/tr>\n<tr>\n<td>2<\/td>\n<td>Trojan-Ransom.AndroidOS.Small.as<\/td>\n<td>4.52<\/td>\n<\/tr>\n<tr>\n<td>3<\/td>\n<td>Trojan-Ransom.AndroidOS.Rkor.cw<\/td>\n<td>4.17<\/td>\n<\/tr>\n<tr>\n<td>4<\/td>\n<td>Trojan-Ransom.AndroidOS.Rkor.cl<\/td>\n<td>1.92<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>Trojan-Ransom.AndroidOS.Fusob.h<\/td>\n<td>1.92<\/td>\n<\/tr>\n<tr>\n<td>6<\/td>\n<td>Trojan-Ransom.AndroidOS.Rkor.cm<\/td>\n<td>1.60<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>Trojan-Ransom.AndroidOS.Rkor.da<\/td>\n<td>1.60<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>Trojan-Ransom.AndroidOS.Rkor.bi<\/td>\n<td>1.60<\/td>\n<\/tr>\n<tr>\n<td>9<\/td>\n<td>Trojan-Ransom.AndroidOS.Rkor.cx<\/td>\n<td>1.57<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>Trojan-Ransom.AndroidOS.Small.ce<\/td>\n<td>1.32<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Unique users attacked by the malware as a percentage of all Kaspersky mobile security solution users attacked by ransomware Trojans.<\/em><\/p>\n<h3 id=\"geography-of-mobile-ransomware\">Geography of mobile ransomware<\/h3>\n<p><strong>TOP 10 countries and territories by share of users attacked by mobile ransomware Trojans<\/strong><\/p>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td width=\"10%\"><\/td>\n<td width=\"50%\"><strong>Countries and territories*<\/strong><\/td>\n<td width=\"40%\"><strong>%**<\/strong><\/td>\n<\/tr>\n<tr>\n<td>1<\/td>\n<td>Yemen<\/td>\n<td>0.28<\/td>\n<\/tr>\n<tr>\n<td>2<\/td>\n<td>Kazakhstan<\/td>\n<td>0.15<\/td>\n<\/tr>\n<tr>\n<td>3<\/td>\n<td>Saudi Arabia<\/td>\n<td>0.02<\/td>\n<\/tr>\n<tr>\n<td>4<\/td>\n<td>Jordan<\/td>\n<td>0.02<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>Switzerland<\/td>\n<td>0.02<\/td>\n<\/tr>\n<tr>\n<td>6<\/td>\n<td>Azerbaijan<\/td>\n<td>0.01<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>Kyrgyzstan<\/td>\n<td>0.01<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>Egypt<\/td>\n<td>0.01<\/td>\n<\/tr>\n<tr>\n<td>9<\/td>\n<td>Iran<\/td>\n<td>0.01<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>Algeria<\/td>\n<td>0.01<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Excluded from the rankings are countries and territories with relatively few (under 10,000) Kaspersky mobile security users.<\/em><br \/>\n<em>** Unique users attacked by ransomware Trojans as a percentage of all Kaspersky mobile security solution users in the country or territory.<\/em><\/p>\n<p>Yemen (0.28%), Kazakhstan (0.15%) and Saudi Arabia (0.02%) had the largest shares of users attacked by mobile ransomware Trojans. Users in Yemen and Saudi Arabia most often encountered Trojan-Ransom.AndroidOS.Pigetrl.a, while users in Kazakhstan were attacked mainly by members of the Trojan-Ransom.AndroidOS.Rkor family.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In Q3 2022, a total of 5,623,670 mobile malware, adware, and riskware attacks were blocked, and 438,035 malicious installation packages were detected.<\/p>\n","protected":false},"author":2526,"featured_media":107994,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[919],"tags":[63,34,123,86,76,564,121,482,1041],"banners":"","hreflang":[{"hreflang":"x-default","url":"https:\/\/securelist.com\/it-threat-evolution-in-q3-2022-mobile-statistics\/107978\/"}],"_links":{"self":[{"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/posts\/107978"}],"collection":[{"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/users\/2526"}],"replies":[{"embeddable":true,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/comments?post=107978"}],"version-history":[{"count":11,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/posts\/107978\/revisions"}],"predecessor-version":[{"id":108003,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/posts\/107978\/revisions\/108003"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/media\/107994"}],"wp:attachment":[{"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/media?parent=107978"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/categories?post=107978"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/tags?post=107978"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}