According to Avira's 2020 Report on Cybersecurity, cyber criminals benefited greatly from COVID-19.
With a world eager for information, malware authors developed a wide variety of strategies to exploit users’ fears and need for answers around the virus, from malware which enables cyber attackers to read credit card data to vaccine based scams targeting the elderly in order
to gain access to personal payment data.
Overall, cyber-attacks increased by 15% worldwide compared to 2019. Further the rate of scams overall rose and fell at the same rate and time as the virus appeared across the world.
"For many years, authors of malware have been using psychological tricks to lure unsuspecting users," said Alexander Vukcevic, Director of Avira Protection Labs. "Currently, we are in a situation where many people are looking for answers and are worried because of COVID-19. The authors of malware are specifically exploiting this uncertainty.”
Since the beginning of the pandemic, special variants of well-known malware families have emerged to trap unsuspecting users with the catchphrase "Corona" or "COVID-19".
Banking Trojan "Cerberus" lures with "Corona”
One example of this is a variant of the Android banking Trojan "Cerberus", which is often distributed under the name "Corona-Apps.apk" via phishing campaigns. The keyword "Corona" is intended to entice Android users to install the Trojan on their smartphone.
According to the Avira report, the number of Android banking Trojans detected in 2020 increased by 35 percentage points compared to the previous year, which is due in part to increased mobile banking activities this year.
"Banking Trojans have always played an important role in the Android malware scene and this year they had an even bigger presence. In addition to the strategy of using COVID-19 as a cover, they also use the classic approach: they disguise themselves as a widely used app and ask for unusual permissions in order to obtain credit card data, for example," Vukcevic said.
COVID-19 as a driver for cyber attacks
Overall, Avira Protection Labs recorded an increase in malware attacks of around 15% compared to 2019 with a significant increase particularly in the first and last months of 2020.
Interestingly, the number of all cyber-attacks blocked by Avira increased this year at the same rate as the pandemic spread. During the first wave of the pandemic in April, the number of malware attacks also reached its first peak. As the scale of the pandemic diminished in the summer, so did the number of attacks. Since the beginning of the second wave in October, the number of malware attacks has been rising rapidly again.
There would appear to be a direct correlation between the number of attacks and the number of people working from home, this may be down to cybercriminals knowing that people are often more vulnerable to certain types of attacks when away from a secure office environment.
Increasing threat in 2021: Stalkerware
Another malware that actively camouflages itself and, according to Avira, will become increasingly important in the coming year is stalkerware. Apps that are detected as stalkerware are a type of spyware that can endanger the privacy of users and the security of the system. These spy apps can be installed without the knowledge or consent of the device owner, to secretly monitor them and spy on personal information such as pictures, videos, messages and location data. To disguise their activities, they use a stealth mode that allows the app to run invisibly in the background.
Due to the increasing activity of stalkerware apps in the Android environment, Avira is an active member in the Coalition Against Stalkerware to support their fight against this threat.