Rising Android threats in Russia: Dwphon and Mamont malware drive major mobile risk

A spike in cybercrime targeting Android smartphones in Russia has been reported by Kaspersky Lab. According to Dmitry Kalinin, a cybersecurity expert at the company, the surge was highlighted in an interview with News. The data show that the incidence of mobile device cyberattacks in the first quarter of 2024 rose more than fivefold compared with the same period the previous year. This marked acceleration signals a widening threat surface for Android users and underscores the need for vigilant security practices across the population. Kaspersky Lab notes that millions of users have already felt the impact of these threats, with over 19 million individuals affected by hackers so far. These figures reflect a broader trend of increasing malware activity in the mobile space, driven by criminal groups seeking to harvest personal data and financial information. Kaspersky Lab emphasizes that continued monitoring and rapid response are essential to curb the momentum of these attacks. This shift in criminal focus aligns with global patterns where mobile devices have become prime targets for data theft and unauthorized access to financial resources. The company highlights two of the most prevalent threats in this wave of events: the Dwphon family and Mamont. Dwphon is designed to exfiltrate personal data from the device, map out the installed applications, and quietly install additional software without user consent, creating a stealthy channel for further exploitation. Mamont concentrates on stealing payment information and gaining access to SMS messages stored on the device, enabling fraud and financial theft. The persistence of these threats illustrates a troubling reality for Android users in the region and beyond, as criminals continuously refine their methods. In addition to the active malware strains, Kalinin points to the possibility that some infections are pre installed on devices straight from the factory. When malware is embedded in the supply chain during production, the attackers gain a covert foothold that is exceedingly difficult for users to detect and for manufacturers to trace. This risk underscores the importance of secure development practices, rigorous supplier verification, and comprehensive device integrity checks for all players in the market. The trend is not isolated to a single brand or model, and it raises questions about the resilience of mobile ecosystems when faced with supply chain infiltration. Historically, the mobile threat landscape has evolved rapidly, with various campaigns targeting Android users by exploiting app permissions, social engineering, and firmware vulnerabilities. Experts advocate for a layered approach to defense that includes up to date operating system updates, trusted app sources, cautious permission management, and the use of security tools that monitor unusual device behavior. The case described by Kaspersky Lab should serve as a wake up call for users to reinforce basic good practices such as regular software updates, prompt installation of security patches, and careful scrutiny of app permissions. It also highlights the role of manufacturers, service providers, and researchers in collaborating to detect and neutralize threats before they can cause widespread damage. The Russian security community continues to study these developments to provide timely guidance and practical protections for residents and businesses alike. This evolving situation demonstrates why staying informed and adopting robust security habits is essential in a mobile-first era where cybercriminals constantly adapt their techniques for maximum impact. The broader takeaway is simple: Android users should treat mobile security as an ongoing priority rather than a once in a while precaution. The goal is to reduce risk by combining technology, awareness, and proactive defense strategies to protect personal data and financial safety. (Kaspersky Lab)