Malware Installation Packages

Mobile malware was evolving with a lot of potentials. Kaspersky collected statistical data from users that a lot of malicious apps were expected to be on the rise in 2021. The data from Kaspersky showed detection of nearly 3,464,756 malicious packages, 97,661 mobile banking trojans, and 17,372 mobile ransomware trojans.

Surprisingly, the number of attacks on mobile users has drastically decreased. Nevertheless, attackers and attacks are becoming more complex with functionality, malware, and vectors. Many malicious apps faced code injection through ad SDKs. One of the best examples is the case of CamScanner which had malicious code inside the ad libraries in both the modified WhatsApp build and the official APKPure client.


Despite the efforts from Google to keep malware apps away from Google play, there were still a lot of malicious apps found on Google play. The Most Notable ones were,

Joker Trojan – signs up victims for paid subscriptions

Facestealer Trojan – steals Facebook credentials 

And various other banking trojans. For a trojan to sneak into Google Play, it has to pose as a legitimate app with a small piece of code to decrypt at the server level which launches the payload or downloads the payload from the attacker’s server.

To remain undetected from virus scanners, the decrypting actions are performed through commands from attackers’ servers. This is done by several steps which involve adding the decrypting module that contains the address of the next one and finally providing instructions to unload the payload.

Banking trojans gained more attack vectors in 2021. The Fake calls banker which had a malicious code to specifically target Korean users additionally drops outgoing calls to the users’ bank and also plays pre-recorded operator responses.

The Sova banker is another banking malware that steals cookies, allowing attackers to take over the current session and the bank account without even knowing the user credentials. The Vultur Backdoor relies on Virtual Network Computing (VNC) in order to screen record smartphones. It is coded in such a way that if the attacker is interested in a particular app and the user opens it, they can monitor everything on the screen.

The Gamethief-type mobile trojan is yet another interesting finding of 2021. It is specifically aimed at PlayerUnknown’s BattleGrounds (PUBG) mobile version to steal account credentials. Compared with all the events and newsbreaks for masking malware that took place in 2020, Joker trojan was one of the few best examples since it mimics an app but with a background wallpaper in the theme of Squid Game.

Another interesting topic that made the headlines was the Pegasus spyware which was one of the most complicated malware. Protecting against such malware is greatly a nightmare since it is a live issue.

Statistical Reports


Securelist published a complete report on mobile malware. They also mentioned that they have detected nearly 3.4 million malicious installation packages in 2021. Compared to the previous year which had 5.6 million packages, this is a drastic drop since 2019.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.