Global cybersecurity giant Kaspersky is calling on Sri Lankan regulators to establish clear cybersecurity guidelines for mobile financial services amid a surge in digital threats. As Sri Lanka embraces a mobile-first digital economy, the growing reliance on smartphones for banking and shopping is exposing millions to significant financial cyber risks.
According to a 2024 Kaspersky cybersecurity report, the threat landscape is worsening globally, with data foreshadowing an imminent rise in similar attacks within Sri Lanka’s rapidly expanding mobile user base. The report reveals a dramatic increase in malware targeting mobile devices, with the number of affected users doubling in 2024 compared to the previous year.
More alarmingly, incidents involving banking Trojans, which are designed to steal banking credentials, grew 3.6 times. The Trojan-Banker family Mamont, one of the most active global threats, uses techniques that can be easily adapted to local contexts.
Managing Director for Asia Pacific at Kaspersky, Adrian Hia explained the vulnerability.
“Mobile devices are attractive targets for cybercriminals because users often have fewer protections in place and may unknowingly download malicious apps. In Sri Lanka, this is compounded by a surge in digital wallet use and mobile banking adoption, especially among younger, tech-savvy consumers.”
Cybercriminals are employing sophisticated methods to trick users.
Hia highlighted common vectors such as fake parcel tracking apps, fraudulent cryptocurrency wallets, and bogus e-commerce platforms that appear legitimate but are designed to steal credentials or install spyware. The problem is worsened by users often neglecting to verify app sources or update their phone’s software, which increases their vulnerability.
To counter this growing threat, Kaspersky is urging a multi-pronged approach involving consumers, corporations, and government bodies.
“Establishing clear cybersecurity guidelines for mobile financial services and running nationwide awareness initiatives will empower users and institutions alike,” Hia stated.
He advised that financial institutions and mobile network operators must collaborate to proactively detect and block suspicious activities.
Consumers are advised to remain vigilant by only downloading applications from official app stores, carefully scrutinising app permissions before granting access, and regularly updating device software to patch security flaws. Kaspersky also provides various security solutions to aid user protection, such as Kaspersky Internet Security for Android for real-time defense, Kaspersky Secure Connection (VPN) for encrypting internet traffic, and an App Lock feature to secure sensitive applications with a secret code.
