The main mobile threat trends of 2019

Victor Chebyshev talks about the most common mobile threats and attack vectors of 2019.

The main mobile threat trends of 2019

We keep almost all of our private data with us, right in our pockets — on our smartphones. Indeed, our phones contain our photos, pictures of documents such as drivers’ licenses and passports, credit card data, and more — significantly more. And that’s why cybercriminals will never stop trying to get at the data on our phones.

The point is both striking and hard to disagree with. Kaspersky malware expert Victor Chebyshev presented it recently, speaking in Barcelona about the most prominent trends in mobile malware and privacy threats. As Chebyshev explained, although in general we saw the number of mobile threats decrease during the past year, three trends are on the rise.


Adware became one of the most prominent mobile threats of the year, earning four spots, including third place, in the top ten mobile threats of 2019. Mobile adware basically does two things. First, it tries to exfiltrate as much data from the device as possible, to get the ability to target the owner of the device with ads. It goes after your location data, search history, browser history, list of installed apps, and more.

Second, it floods the device with ads, sometimes to such an extent that the phone becomes nearly impossible to use. And that’s another problem with adware: Some types are persistent, remaining even if you try to reset your phone to factory default settings. So the best — the only — way to fight adware effectively is to use a security solution that detects and removes that type of threat before it can get to work.


Another threat that saw an increase in 2019 was stalkerware. In 2019 we had to pay quite a bit of attention to this kind of threat, which some people use to spy on their significant others. We created a privacy alert specialized for stalkerware, to help users understand they are facing something more than a potentially harmless, not-a-virus app, but rather that they are dealing with a significantly more dangerous thing. Also in 2019, in collaboration with several other antivirus vendors and nonprofit organizations that help victims of domestic abuse, we created the Coalition Against Stalkerware, which raises awareness about stalkerware as well as helps share samples across the AV industry to improve the detection rate.

Stalkerware creators fought back, creating versions that evade detection by security solutions. Looking at the statistics of 2019 versus 2018, we can see that the number of users attacked by stalkerware has increased substantially, partially because of the better detection rate, partially as a result of the increasing popularity of this commercial spyware.

Accessibility services exploitation

Accessibility services is not a backdoor or anything like that. It’s an API that Google created to help people with certain disabilities use Android devices. Applications granted permission to use Accessibility services can interact with the interface of active apps, reading text, clicking buttons, and so on.

Cybercriminals exploit Accessibility services to give their malicious applications permission to do certain things on behalf of the user. For example, banking Trojans use Accessibility services to initiate transactions on their own, sending your money to cybercriminals’ accounts. And stalkerware uses it to capture victims’ private data. Some Trojans use Accessibility services to gain other permissions on the device, such as device admin access, or to do anything else they want; accessibility services actually allow apps to be just another user on the device.

However, to do all that, an app needs permission to use Accessibility services, and the only way it can do that is to get permission from the user.

Staying safe

Except in the most extreme cases (those using zero-day vulnerabilities), to get your Android device infected, you need to install malware or adware yourself. That may sound unlikely, but it’s not; cybercriminals employ clever social-engineering techniques to make you believe you’re doing nothing wrong. And it works. However, you can take steps to prevent infection.

  • Do not install apps from unknown sources. More important, use Android settings to prohibit their installation.
  • Check the permissions of the apps that you use and think twice before giving a permission to an app, especially when it comes to high risk permissions such as permission to use Accessibility services. The only permission a flashlight app needs is to the flashlight (which doesn’t even involve camera access).
  • Use a security solution that is capable of detecting malicious apps and adware before they can start behaving badly on your device.