Cyberattack attempts using favourite children's brands increased by 35% in Q1 2024

Ahead of International Children's Day (June 1), Kaspersky experts have examined recent threats that use as bait the reference to game and gaming brands popular among children such as Minecraft, Roblox, LEGO, Disney and others. As a result of the research based on selected keywords, it was found that the number of attack attempts increased by 35% in Q1 2024, compared to the same period last year. Specifically, nearly 1.3 million attack attempts were identified between January and March 2024.

In total, 1,264,866 attack attempts on mobile devices and computers disguised as popular topics among children were detected in Q1 2024. This is an increase of more than 30% compared to Q1 2023, when 936,840 attack attempts were recorded. According to Kaspersky's data, computer threats significantly dominated the number of attacks detected during the reporting period - 98.7% compared to 1.3% of mobile threats.

Based on research by Kaspersky experts, the top brands exploited by digital criminals included the most popular children's games - Minecraft, Roblox and Brawl Stars. Besides, the attackers also tried to exploit product names such as LEGO, popular children's cartoons such as Paw Patrol, Bluey and entertainment giant Disney, whose name could be used to search for cartoons, movies and popular TV series and related games or commercial products. More than 1.2 million device infections came from downloads distributed in Q1 2024. Although this type of software is not malicious, downloaders are often used to load other potentially unwanted applications onto devices.

Trojans, malicious programs that can allow cybercriminals to harvest credit card information, login credentials, modify data or disrupt computer performance, ranked second among the most prevalent threats masquerading as children's favorite brands. In Q1 2024, there were 27,576 attempts to present Trojans on users' devices, while adware - a type of software that displays unwanted annoying pop-up ads on the screen - resulted in 27,570 attempts.

The number of increased attacks detected was also accompanied by a decrease in the number of unique targeted users. Specifically, in Q1 2024, 49,630 unique users were attacked as opposed to 57,873 during the same period in 2023, a 14% decrease. This may mean that children may have continued to face new threats as a result of repeatedly downloading malicious files from the Internet.

Analysing individual cases of user attacks, Kaspersky researchers found that digital criminals are spreading malicious Trojan-SMS to mobile devices under the guise of the popular Brawl Stars game. Specifically, the SMS contains cheats to give players an unfair advantage over other players. Once installed and launched, the app first asks for permission for many functions (many of which are unnecessary or even dangerous) and then only displays pop-ups to unlock access to the content - without giving away the content itself.

To make it difficult for users to delete the app, cybercriminals made it a transparent icon and a blank name so that it could not be viewed on the home screen. From that moment, the app itself, once launched and granted permissions, performs a malicious function, sending SMS messages from the affected mobile device as a spam tool, thus emptying the victim's phone wallet.

Kaspersky researchers also found malicious websites with toys, dolls and other children's products. These sites were originally legitimate resources, which were later hacked by cybercriminals to spread malware. In this case, not only children who want to choose a new toy, but also parents looking for children's products can also become victims.

To keep children safe online, Kaspersky recommends:

• To create a safer online environment, it is important for parents to stay up-to-date on the latest threats and actively monitor their children's online activities.
  It is vital for parents to have open communication with their children about the potential risks they may face online and enforce strict guidelines to ensure their safety.
  
• With dedicated digital parental control apps, such as Kaspersky Safe Kids, parents can effectively protect their children both online and offline. Such apps help adults ensure a safe and positive digital experience for young children, establish healthy habits, protect against inappropriate content, balance screen time and control children's physical location.
  
• To help parents introduce their children to digital security amidst the evolving threat landscape, Kaspersky experts developed the Kaspersky Cybersecurity Alphabet with key concepts from the digital security industry. In this book, your children will learn about new technologies, learn the basic rules of safe cyber navigation, learn how to avoid online threats, and recognize the tricks of scammers. After reading this book together, you'll be sure your child knows how to distinguish an online phishing site, how VPN and QR codes work, and even what honeypots and encryption are and what role they play in modern cybersecurity.
• To protect your child from downloading malicious files during their play experience, we advise you to install a reliable security solution on their device.