The number of cyber attacks in Russia has increased significantly
Experts «Kaspersky Lab» analyzed two cyberthreats for Android that target Russian users and remain active in April 2024 — Dwphon and Mamont.
The company also notes a general increase in the number of attacks on mobile devices in Russia. Thus, in the first quarter of 2024, their number increased by 5.2 times compared to the same period in 2023 and amounted to more than 19 million.
At the end of 2023, specialists from «Kaspersky Lab» discovered the Dwphon Trojan, since then it has constantly evolved and become more active. According to Kaspersky Lab, the number of Dwphon attacks on Russian users increased in March 2024 by about 25% compared to December 2023 and totaled almost 222 thousand.
Current versions of the malware collect information about the infected device and the personal data of its owner, as well as information about installed applications. Dwphon can download various programs, including adware and malware, onto the smartphone without the user's knowledge. Experts note that the functionality and code of Dwphon are similar to Triada, one of the most common mobile Trojans in 2023. However, what is of most interest is the attack vector, that is, the circumstances under which Dwphon ends up on devices. Experts have discovered that it is built into system applications of smartphones even before the gadgets fall into the hands of users.
In the spring of 2023, experts also discovered the Mamont banking Trojan for the first time, but the malware began to show activity in November of the same year. With a high degree of probability, it evolved from the Rasket — ransomware program. its authors threatened users with data leakage if they did not pay a ransom of 5 thousand rubles. Experts note similarities in the Mamont and Rasket code, such as the name of the configuration parameters. Both malware also use a Telegram bot to save information about victims. However, in Mamont, attackers developed the functionality of a banking Trojan to lure out payment information from potential victims and gain access to their SMS. Attackers distribute the Trojan on unofficial platforms, in particular, under the guise of applications for adults, delivery services, and financial organizations.