Cyberattacks targeting mobile applications more than quadrupled to 117,661 in the three months to September 2024 compared to a similar period last year, risking the security of users of such devices.
Latest statistics from the Communications Authority of Kenya (CA) reveals that mobile application threats detected during the three months to September rose by 333 percent from 27,147 in the same quarter last year.
The authority’s Computer Incident Response Team—Coordination Centre (CIRT/CC) issued 6,599 advisories or early warnings over the same period, a drop from 7,193 advisories in a similar period last year, indicating increased sophistication of the threats.
This exposes millions of Kenyans relying on the Android devices as their primary means of communication to cyberattacks, which could lead to financial losses, identity theft, and unwarranted access of their sensitive information.
“During the period, the perpetrators of mobile application attacks mainly sought to steal sensitive user data such as personally identifiable information, login credentials and financial details for malicious purposes,” CA said in a new report assessing the cybersecurity situation in the country.
The perpetrators mostly targeted Android mobile devices, Android smart television sets, set-top boxes, and Google TVs. The attackers use a type of virus embedded in third party apps, allowing them access to the devices.
Third party apps
According to CIRT/CC, the cyber-attackers take advantage of users’ lack of knowledge, marketing to them third party apps not available on the official app store, which require multiple permissions to operate.
Unsuspecting users grant the applications the permissions, which often include to access contact lists, messages, files, and to operate in the background, and through the apps, the criminals can secretly access the users’ sensitive information and use it against them.
Mobile application attacks are the least prevalent form of cyberthreats detected by the CA unit, currently accounting for just 0.02 percent of all threats reported. Generally, total cyberthreats rose from 123 million last year to 657 million.
