H1: Games, apps, websites… anything can be abused. How to protect your family from mobile threats

H2: ESET levels up its Mobile Security app to be even more effective against phishing.

Smartphones have become an integral part of our social lives. From children to teens and onto adults and the elderly, globally, the average user now spends almost four hours daily staring at their mobile phone. There’s really no point in naming all the things people can use their mobile phones for. From social interaction to shopping, gaming, and so on… you know what they are capable of.  

These capabilities, however, come at a price. The variety of things people can do on their mobile phones creates one huge, messy cyberthreat landscape with criminals trying to steal victims’ money, data, and identities, sometimes demanding a ransom for their return. 

This blog will show you some real-life examples described by ESET researchers of what such threats look like. As you will see, some of them are no longer simple scams that can be easily spotted, but are instead sophisticated, multi-staged and AI-driven attacks that require much stronger defenses than a watchful eye and simple antivirus. 

The long list of ESET research pieces on this topic demonstrates how carefully ESET studiesthese threats. And ESET experts are not just watching. More than ten years ago, ESET createdaward-winning multilayered protection against a multitude of Android security issues called ESET Mobile Security, which has been protecting millions of people around the globe. Now ESET is coming forward with improved Phishing Protection, extending threat coverage even more. 

CTA: TRY ESET MOBILE SECURITY NOW!

Anyone can be a target

There are 4.8 billion smartphone users, which is more than half of the current global population of 8.2 billion people. Statista estimates the smartphone user base to reach 6.4 billion by 2029. 

According to a 2024 survey conducted by the data management firm Harmony Healthcare IT, phone screen time increases with every generation. While U.S. baby boomers (people born from 1946 to 1964) spend 3.5 hours per day with phones in their hands, millennials’ use of phones is one hour longer, and Generation Z spends an average of 6 hours and 5 minutes on their phone daily.

And just as smartphone usage is rising, so is the total volume of detected Android malware,increasing from 1.7 million in July 2014 to 35.2 million as of July 2024, according to the AV-TEST Institute’s data. 

While the usage of mobile phones grows, so does the increase in user susceptibility to phishing attacks. Global data gathered in 2022 shows that encounters of personal mobileswith phishing rose from 35.46% in 2020 to 53% in 2022, and the percentage of mobile users who tapped on six or more phishing links almost doubled from 14.3% to 27.6% within this time period. 

Threats are out there 

Let’s see several of the latest examples of mobile threats, some covered by the latest ESET Threat Report (H1 2024).  

ESET experts complemented the research conducted by Group-IB’s Threat Intelligence unit, describing the GoldPickaxe malware family available for both iOS and Android, targeting victims in the Asia-Pacific region. 

This malware can steal a victim’s sensitive personal information from financial apps such asDigital Pension for Thailand despite a requirement that users record a brief video of their face from various angles using the front camera of their mobile device as a form of secure authentication.

To achieve that, threat actors steal victims’ biometric data and utilize AI-driven face-swapping services to create deepfakes. 

Another example shows that scammers don’t hesitate to even target children. According to the latest Threat Report, ESET telemetry detected phishing scams abusing Roblox, a sandbox gaming platform very popular with kids and available on multiple operating systems (including Apple and Android). Roblox contains virtual currency named Robux that can be purchased with real money, which makes it attractive for cybercriminals. The Roblox community has created a long list of Roblox threats here. 

Also, using ESET detection engines in combination with other sources, ESET researchersrecently discovered espionage campaigns spreading fake apps or trojanized and reverse-engineered legitimate apps to Android users in Egypt and Palestine. Threat actors useddedicated phishing websites to distribute malicious apps impersonating legitimate chat apps, ajob opportunity app, and a civil registry app. 

Another recent malicious campaign uncovered by ESET researchers and run in the Czech Republic targeted clients at three Czech banks to facilitate unauthorized ATM withdrawals from the victims’ bank accounts.

At first, cyber criminals deceived victims into believing that they are communicating with their bank, and then tricked them into downloading and installing a fake banking app with the unique malware that ESET named NGate. The malware then clones near field communications data (NFC) from victims’ payment cards using NGate and sends this data to an attacker’s device that is then able to imitate the original card and withdraw money from an ATM.

Just this handful of recent examples shows how large of a portfolio of tools cybercriminals have at their disposal. Notice the variety of their targets – children playing games or adults seeking a job, wanting to chat, or doing financial operations.

Be prepared for anything

Packed with tons of features and capabilities, mobile devices should make our lives easier,and not trigger headaches due to cyberthreats. That is why multi-layered protection focusing on prevention is needed. 

Being a security leader with more than three decades of experience, ESET protects smartphone users of all generations whether they are browsing the internet, chatting, shopping, playing games, or executing financial operations.