Australia Recorded the Highest Rate of iOS & Android App Threats

More threats were detected on iOS than Android devices; 68% of Australian CISOs expect their organization to suffer a material cyber-attack within the next year.

Navigating the internet in 2022 is more dangerous than ever for Australian netizens. The risks to the privacy of Australian customers are at an all-time high, as the nation has reported the highest percentage of mobile threats globally, standing at 26.9%. 

The average Australian netizen uses web-based mobile apps to browse, entertain, communicate, and shop online. In a web ecosystem where hundreds of thousands of apps are published daily, customers on Android and iOS devices are vulnerable to privacy infringement. 

Australian Mobile Cybersecurity in 2022

  • The Australian population is at most risk if you consider the statistics on a per-device basis.
  • Apple iOS users often fall prey to mobile scams; around 30.1% of the total mobile app threats make up the real threats so far. 
  • Anti-virus giant, Kaspersky, blocked 6,463,414 mobile malware, adware, and risk-ware attacks.
  • RiskTool programs committed 48.75% of the mobile attacks
  • The trojan- Banker.AndroidOS.Gustuff.d is responsible for 95.14% of all Android attacks in Australia.
  • Mobile devices pave the way to launch ransomware attacks on Australian businesses of every scale and domain.
  • 68% of Australian CISOs confessed that they expect their organization to suffer a material cyber-attack within the next year, compared to the rest of the globe.  
  • Trojans such as Hydra, FluBot, Octo, ERMAC, and Cerberus are responsible for boosting on-device fraud in Australia, the US, UK, Poland, Italy, France, Portugal, and Germany. 

All attacks have one common factor: a lack of awareness and a false sense of security in the human mind. Thus, these Australian attacks significantly contribute to the rising trend in socially engineered attacks.

Common Trends Among the Australian Mobile Threats

There is an increase in attacks on users who subscribe to Fintech services. The lockdowns have made on-demand retail and mCommerce a permanent fixture among Australian users who share their transaction details without any qualms.

Social media-based scams are increasing as the average Australian uses their smartphone to connect unilaterally with multiple social networking services. 

Hence, these networks are turning into hotbeds of scams, deep-faked blackmail attacks, voice synthesized scams, and more, all stemming from malware infections.

Cryptocurrency and NFT attacks are rising as decentralized finance, and digital art assets become sophisticated socially engineered threats.

The increase in web-based activities among users has defeated the purpose of targeted attacks.

Unidentified attackers are on the prowl, targeting unsuspecting users with easy scams. Almost 75% of data breach originators have gone completely scot-free and remain anonymous. 

There is a more considerable threat potential towards industrial and supply chain domains that are harder to detect than the present crop of attacks. 

How Can Social Engineering Affect the Current State of Security in Australia?

Social engineering, alternatively known as ‘human hacking,’ is manipulating digital service users by exploiting emotions to steal their credentials, finances, and other sensitive details. 

Social engineering relies primarily on researching a victim’s demographic; the target is lured with false information and deception with an intent to create trust in the attacker. Hackers use such actions to extract sensitive details. Depending on the scale of the cyber-crime, the victim can be a targeted, high-profile attack. 

Australian digital service users should be wary of the following socially engineered app threats and attack vectors:


In this social engineering attack, the attacks lure mobile users into sharing critical information or hoodwink them into transferring funds. 

These attacks can lead to identity theft, banking theft, ransom-based threats, and even blackmail, depending on what information is compromised.


Whaling is an evolved form of phishing that is highly organized and sophisticated. Whaling attacks always target victims who are susceptible to usual phishing tactics. 

Whaling attacks can snowball into ransomware attacks, multi-device malicious infections, and targeted high-value victim attacks. Each attack usually targets government agencies, business enterprise executives, etc.


Baiting is another evolutionary offshoot of phishing that usually has an enormous and untargeted attack sprawl. It searches for victims who are gullible enough to divulge credentials or click on malware-infested links in the hopes of a reward. 

The proliferation of baiting attacks has severely jumped. Due to the massive use of mobile services, many Australians have become victims of baiting attacks during the COVID-19 lockdowns.

Watering Hole

The watering hole technique uses compromised web services to infect the victim’s device. They embed malware that logs every digital activity of the victim and even tailgates them to gain access to disparate, higher, and more confidential systems.

Future Attacks - What Australians Can Expect In and After 2022?

Fraudulent apps mask themselves as authentic applications on the official application stores to fool mobile users. The miscreants further fake reviews and inflate ratings to push their rankings on the application store. 

As per Kaspersky Antivirus’s Global Malware Ranking for Q1, different app-based attacks occupy 7 out of 20. Most malware applications pose as social benefits and rewards apps, thereby luring unsuspecting Australian mobile users. 

These apps promise the user hefty perks instead of conducting transactions; when they try to cash out, they are asked to cover legal assistance or transactional costs. However, once the transaction is completed, the user does not receive anything. 

Another malware application type includes fraudulent apps that promise to help the user raise investment capital. Cybercriminals operate such applications as they rely on the complacency of mobile users across Australia to conduct attacks. 

If these attacks scaled up to the size of the Australian population, the financial, informational, and social devastation would be unimaginable. Many Australian mobile users are unaware of the proceedings of cybersecurity vigilance, which makes them easy bait. 

AI-guided analyses of telemetry data from security analysts show that Australian users are more susceptible than the rest of the globe. The excessive trust in mobile device manufacturers and OS platform security fosters a breeding ground for malware. 

Australians should avoid overusing their mobile devices to conduct financial transactions until and unless they have dedicated mobile app security services installed to protect their accounts on all devices seamlessly. 

The iOS cloud’s global data breaches and recent mobile attacks in Australia call for a safer endpoint-to-cloud security routine, which is most effective when replicated to Android and other mobile platforms.

Published on Jun 23, 2022
Shivani Dhiman
Written by Shivani Dhiman
Content Marketing Manager at Appknox


Chat With Us

Using Other Product?

Switch to Appknox

2 Weeks Free Trial!

Get Started Now