top of page



According to Avira's Report on Cybersecurity, cyber criminals benefited greatly from COVID-19. With a world eager for information, malware authors developed a wide variety of strategies to exploit users’ fears and need for answers around the virus, from malware which enables cyber attackers to read credit card data to vaccine based scams targeting the elderly in order to gain access to personal payment data.

Overall, cyber-attacks increased by 15% worldwide in 2020 compared to 2019. Further the rate of scams overall rose and fell at the same rate and time as the virus appeared across the world. Since the beginning of the pandemic, special variants of well-known malware families have emerged to trap unsuspecting users with the phrases "Corona" or "COVID-19".

"For many years, authors of malware have been using psychological tricks to lure unsuspecting users," said Alexander Vukcevic, Director of Avira Protection Labs. "Currently, we are in a situation where many people are looking for answers and are worried because of COVID-19. The authors of malware are specifically exploiting this uncertainty.”

Banking Trojan "Cerberus" lures with "Corona”

One example of this is a variant of the Android banking Trojan "Cerberus", which is most often distributed under the name "Corona-Apps.apk" via phishing campaigns. The keyword "Corona" is intended to entice Android users to install the Trojan on their smartphone. According to the Avira report, the number of Android banking Trojans detected in 2020 increased by 35 percentage points compared to the previous year, which is due in part to increased mobile banking.

"Banking Trojans have always played an important role in the Android malware scene and this year they have an even bigger presence. In addition to the strategy of using COVID-19 as a cover, they also use the classic approach: they disguise themselves as a widely used app and ask for unusual permissions in order to obtain credit card data, for example," Vukcevic said.

COVID-19 as a driver for cyber attacks

Overall, Avira Protection Labs recorded an increase in malware attacks of around 15% compared to 2019 with a significant increase particularly in the first and last months of 2020. Interestingly, the number of all cyber-attacks blocked by Avira increased this year at the same rate as the pandemic spread. During the first wave of the pandemic in April, the number of malware attacks also reached its first peak. As the scale of the pandemic diminished in the summer, so did the number of attacks. Since the beginning of the second wave, the number of malware attacks has been rising rapidly again.

There would appear to be a direct correlation between the number of attacks and the number of people working from home, this may be down to cybercriminals knowing that people are often more vulnerable to certain types of attacks when away from a secure office environment.

Increasing threat in 2021: Stalkerware

Another malware that actively camouflages itself and, according to Avira, will become increasingly important in the coming years is stalkerware. Apps that are detected as stalkerware are a type of spyware that can endanger the privacy of users and the security of the system. These spy apps can be installed without the knowledge or consent of the device owner, to secretly monitor them and spy on personal information such as pictures, videos, messages and location data. To disguise their activities, they use a stealth mode that allows the app to run invisibly in the background. Due to the increasing activity of stalkerware apps in the Android environment, Avira is an active member in the Coalition Against Stalkerware to support their fight against this threat.

About Avira

Avira provides a consumer-focused portfolio of security and privacy solutions for Windows, Mac, Android and iOS, home networks, and smart devices (IoT). All Avira features are available as licensed SDKs and APIs. Working together, Avira and its partners protect more than 500 million devices globally. Avira solutions consistently achieve best-in-class results from independent security tests.

We don’t just offer our solutions to consumers. The OEM side of our business also shares our award-winning technologies with developers and businesses. Our tools, kits and services make it easier and quicker to put high security standards at the heart of business around the world. We back up our SDKs, APIs, anti-malware tech and threat intelligence with specialist integration teams and expert 24/7 support. Avira is headquartered near Lake Constance, Germany, with additional offices in the EU, the United States, and Asia.

For more information about Avira please visit:

bottom of page