ISLAMABAD: The number of cyberattacks on smartphones to steal users` banking credentials surged by 196 per cent in 2024 compared to the previous year, a new report has claimed.

The number of Trojan banker attacks on Android smartphones increased from 420,000 in 2023 to 1,242,000 in 2024, Russian cybersecurity and anti-virus firm Kaspersky said in its report.

Trojan banker malware are malicious computer programmes designed to gain access to a person`s online banking, e-payment or credit card services by stealing their credentials.

`Cybercriminals are shifting tactics, relying on mass malware distribution to steal banking credentials,` said the report titled `The mobile malware threat landscape in 2024`.

`Over the past year, more than 33.3 million attacks on smartphone users globally, involving various types of malware and unwanted software.

Cybercriminals trick victims into downloading Trojan bankers by spreading links via SMS or messaging apps, attachments in emailor other messengers and by directing users to malicious webpages.

In some cases, cybercriminals send messages from a hacked contact`s account, making the fraud appear more trustworthy, the report added. To de ceive users, attackers often exploit trending news and hype topics to create a sense of urgency and lower victims` guard.

Although Trojan bankers were the fastestgrowing type of malware, they rank fourth overall in terms of the share of attacked users at 6pc. The most widespread category remains AdWare, accounting for 57pc of attacked users, followed by general Trojans (25pc) and RiskTools (12pc).

Adware is a type of malware or malicious software that delivers targeted advertisements to users. A Trojan virus disguises itself as legitimate software to trick users into installing it.

Shahzad Shahid, a policy advocate and IT expert, said the alarming rise in mobile banking malware attacks called for a multi-faceted approach to cybersecurity.

He said people must be educated on safe digital practices, such as avoiding suspicious links, using multi-factor authentication and installing security updates regularly.