193 Million Malware Attacks on Mobile Devices
In the EMEA region, 28 percent of infections are due to QSnatch, 21 percent to Ramnit and 19 percent to Emotet.
Akamai Technologies‘ new “State of the Internet” report examines malicious DNS traffic and shows an increased prevalence of malware on mobile devices. In particular, the mobile Android malware FluBot has spread like wildfire across the region with its now 193 million queries. For this, FluBot uses simple SMS messages sent to all contacts of the infected victims in their local language. This localization approach proved particularly effective in Germany, the UK, Spain and Finland. Infected end devices reveal sensitive debit and credit card information of the owners. The attackers withdraw money and/or sell the captured information to other criminals.
Massive threat from Emotet
The attacks also lead to data breaches. This is especially true for Emotet, Ramnit and QSnatch. Emotet has posed a massive threat to businesses for more than half a decade. The organization first penetrates corporate networks and then sells access to ransomware attackers and other criminal actors. Such access enables the takeover of the entire corporate network and results in severe financial losses.
In addition, Emotet is believed to have links to major ransomware groups such as LockBit, Conti and Ryuk. In the EMEA region, one in five infections is now attributable to Emotet. Due to the high number of ransomware threats, the risk for companies is considerable – and effective digital protection is essential.
QSnatch changes stored data
Another significant threat in the EMEA region is attacks from network attached storage (NAS) devices by the botnet known as QSnatch. Such devices often store a variety of confidential information as well as backups and are vulnerable if not regularly patched and protected. Once QSnatch gains access to a device, it can take control of or modify the stored data, dramatically increasing the risk of a data breach. In the EMEA region, nearly one-third of infections were related to QSnatch.
Ramnit, responsible for two out of ten infections in EMEA, is a banking Trojan that steals online banking credentials and often spreads via phishing. According to the report, EMEA continues to see the largest number of Ramnit infections in the world. This comes as no surprise, as in the past, those behind it have preferred to target banks in Italy, the UK, and France.