In Kenya, smartphone attacks targeting Android devices have soared, posing a significant risk to your security.
New data from the Communications Authority of Kenya (CA) reveals that cyberattacks on mobile applications rose by 333% between July and September 2024 compared to the same period last year.
This trend puts millions of Android users in Kenya at risk, with cybercriminals focusing on stealing sensitive information, including personal details, financial information, and login credentials.
Android Users Are Prime Targets
Android users are especially vulnerable to these attacks, as cybercriminals exploit the platform’s popularity and users’ reliance on it for everyday tasks.
The CA’s report lists several types of malware that are on the rise, including spyware like the Joker spyware—which steals SMS messages and contact lists—and banking Trojans such as Anubis.
Also Read: How Cloudflare uses lava lamps to strengthen website encryption
The Anubis Trojan targets banking details and even incorporates ransomware features, locking users out of their devices until a ransom is paid.
Another troubling malware is AhMyth, a Remote Access Trojan (RAT) that can silently control the device, accessing contacts and other sensitive data remotely.
How Attackers Use Third-Party Apps
Many attacks stem from third-party applications, which are often marketed to users outside official app stores. These apps lure you in with added features but require multiple permissions to function.
Once you grant these permissions—like access to contacts, messages, or even file storage—hackers can exploit this access to extract your private information.
Also Read: Achieving Zero Trust security for Active Directory: Best practices and implementation
These third-party apps frequently operate in the background, making it challenging to detect any malicious activity. “During the period, the perpetrators of mobile application attacks mainly sought to steal sensitive user data,” the CA noted, underlining the risks involved in trusting unverified apps.
Ransomware and Social Engineering on the Rise
Beyond mobile malware, ransomware attacks and social engineering tactics are also becoming increasingly sophisticated.
New ransomware strains, such as Volcano Demon and Lockbit3, target larger entities like manufacturing and government agencies, encrypting their data and demanding a ransom.
Social engineering tactics, such as phishing and smishing (SMS phishing), use advanced AI to create realistic messages designed to trick you into revealing sensitive information or downloading malware.
Protecting Your Device
With mobile threats advancing quickly, you need to take steps to protect your Android device. Updating your software, checking app permissions, and avoiding untrusted apps are essential.
This rise in attacks is a wake-up call: staying cautious is the best way to protect your data and identity in this high-stakes environment.