By Kang Seung-woo
Korean mobile banking firms were attacked by malware intended to steal user financial information, the sixth most in the world last year amid the increase of mobile malware, a Russian multinational cybersecurity firm said, Thursday.
According to Kaspersky Lab, 0.59 percent of mobile users in Korea have encountered mobile banking Trojans.
Russia was the most vulnerable to malware at 4.01 percent as the most popular mobile banking Trojan variant was extensively spread in Russia. Australia ranked second with 2.26 percent followed by Ukraine with 1.05 percent. Uzbekistan and Tajikistan rounded out the top five with just less than 1 percent each.
"In 2016, the growth in the number of advertising Trojans capable of exploiting super-user rights continued. Throughout the year it was the No. 1 threat, and we see no sign of this trend changing," the report said.
The cybersecurity firm noted it detected 130,000 installation packages of mobile banking Trojans in 2016, which is 1.6 times more than in 2015, while about 261,000 installation packages were detected last year, 8.5 times more than the previous year.
"Cybercriminals are taking advantage of the fact that most devices do not receive operating system (OS) updates or receive them late, and are thus vulnerable to old, well-known and readily available exploits," the report said.
It added that Google Play Store was used to spread Trojans capable of stealing login credentials. "In Google Play in October and November, we detected about 50 new applications infected by Trojans," it said, "and many of them were installed more than 100,000 times."
Also, the firm found nearly 40 million attempted attacks by mobile malware last year.
The report forecast that the internet of things (IoT) may become the next victim of cybercriminals.
"Various internet-connected smart devices are becoming increasingly popular, though their level of security is fairly low," it said, adding that cybercriminals are beginning to interact more with the world beyond smartphones. "Perhaps in 2017, we will see major attacks on IoT components launched from mobile devices."