Apple-related phishing and online banking malware increase
As the holiday season approaches, Trend Micro is raising concern about the ongoing proliferation of Apple iOS phishing sites, as well as a sizable uptick in online banking malware.
Findings suggest consumers should be alert and cautious during the holiday shopping season to protect personal and financial data from being compromised.
“As consumers gravitate to the convenience of online banking, criminals are developing tools at an exceedingly rapid pace to exploit a general lack of awareness,” said JD Sherry, vice president of technology and solutions, Trend Micro.
“In addition, Apple has been traditionally perceived as a safe-haven against threats, but our findings reveal that personal information can be jeopardized as phishing scams that target the platform continue to gain momentum. This evidence suggests a potential perfect storm looming in the holiday season as busy commercial and consumer users leverage mobile platforms,” Sherry added.
After a spike in Q2 (5,800 in May), Apple-related phishing sites have remained steady throughout Q3 with 4,100 detected in July; 1,900 in August and 2,500 in September. This raises concern of potential new targets in Q4 with analysts estimating Apple to sell 31 million iPhones and 15 million iPads in the fourth quarter alone.
Trend Micro researchers also identified more than 200,000 malware infections targeting online banking in Q3. Three countries stood out as the most targeted, with the U.S. accounting for almost one-quarter (23 percent) of online banking malware infections worldwide, followed by Brazil with 16 percent and Japan with 12 percent.
Europe’s top countries, Germany and France, had only three percent respectively which may stem from the regions high degree of multi-factor authentication requirements with online banking transactions.
Along with these increases, the level of sophisticated obfuscation techniques used by threat actors has also risen. They found within the online banking Trojan called KINS, anti-debugging and anti-analysis routines.