In the second quarter of 2018, the leading cybersecurity firm Comodo detected more than 400 million unique malwares in the top-level domains of 237 countries. In its Global Threat Report, the cybersecurity firm distinguished the types of malware and their impacts around the world.
The types of malware included computer worms, high threat malware, medium threat malware, and low threat malware.
Computer worms are similar to virus, but they autonomously travel across the internet exploiting the computers with a malicious payload. These can diminish local system resources, consume high bandwidth, and cause a denial of service. Comodo placed the computer worms in a special category named Strategic Threat because of their ability to travel faster across the internet and infect many devices at a time.
The highest number of worm infections were found in Russia, Turkey and India. Whereas, the highest number of backdoors were detecting in the United Kingdom, as per Comodo’s Global Threat Report Q2 2018.
The high-threat malware includes backdoors, viruses, trojans and exploits. The high-threat malware is more localized threat as compared to worms because they require interaction of users for propagation and installation.
Whereas, the medium-threat malwares are somewhat rarer but more exotic. These can include constructors, email flooders, virtual tools, jokes, and malware packers. The low-threat malware includes a range of malicious functionalities detected within unwanted and unsafe apps.
In its quarterly reports, Comodo presents the threat findings and analysis, highlights the pervasive malware and cyberattacks, and analyzes the malware patterns focusing on specific industries and geographies.
Key findings of the Global Threat Report by Comodo:
Trojans top the list of malwares
A sudden change in malware competition has been detected in Q2 2018. Trojans, the malware programs that pretend to be genuine applications, spread the most during the quarter, accounting for more than half of all kinds of malware.
What the trojans do is create backdoors in the systems that allow attackers to steal data, implant ransomware, adware, crypto-miners, and even crash the complete systems. The owner of the systems infected by trojans remain unaware of the attack for a long time.
The attackers can also disrupt the performance of computer or network of computers. As a result, the enterprises are facing major attacks where malware is hidden in the systems with long-term activity.
Of all the trojans, TrojWare.Win.32.Injector was found to be the most widespread trojan. The attackers spread this trojan through a fake email imitating a message from a shipping and trading company. It could steal the credentials and personal data from browsers, email clients, FTP clients, WebDav, and SCP clients.
“Trojans have always been a prevalent and dangerous threat, but their evolution in Q2 is particularly interesting as they are now able to hide for longer periods of time and persist despite the efforts of some of the most efficient AV solutions on the market,” commented VP of Comodo Cybersecurity Threat Research Labs, Fatih Orhan. “Q2 has by far displayed the most sophisticated variants of Trojan malware we have ever discovered.”
Cryptominers becoming multifunctional malware
Researchers at Comodo found decrease in the number of cryptominers, however their capabilities have become more harmful. The cryptominers have become more developed in terms of better hiding and stronger persistence.
Earlier, the cryptominers could use the infected system resources for cryptocurrency mining on the behalf of attackers. Since most of the cryptominers could consume the CPU data rather than steal or destroy data like malware, several users didn’t consider them as particularly dangerous.
But the situation has changed now. Comodo malware analysts detected new samples of cryptominers that had more harmful capabilities instead of just cryptomining.
The new samples could hide and fight the anti-malware services, kill competing cryptominers, camouflage themselves, and even crash the entire system.
For example, WinstarNssmMiner cryptominers can steal the computer resources to mine cryptocurrencies for cybercriminals. This cryptominer comes with a special feature that allows it to be rooted so deeply into the system that nobody can remove it. If the users try to kill the WinstarNssmMiner, it will kill the target system totally.
Android malware spying on users, stealing confidential data
Cybercriminals and malware creators are increasingly targeting the Android devices. The users of Android devices not only store the personal data on the smartphone but also use it for most of the financial transactions.
Apart from targeting the financial transactions, the cybercriminals are spying on the owner of the device to steal confidential information. They use the confidential content of the device to blackmail the users. And if the owner of the attacked device is a politician, a CEO or any other VIP, then they sell the content to interested parties for huge sums or blackmail them.
Comodo reported that spying on the users has become the number one purpose of Android malware. The analysts found several kinds of spying tools in the second quarter that infect mobile devices and extract data from them.
Among the family of Android malware, a very dangerous one detected by Comodo is KevDroid, which is distributed in three versions.
The first version, Naver Defender application, enters a device and resides without showing an icon on the launcher screen. This can steal name, phone numbers, contacts, account details, and email address. It reads the call logs, emails, and photos of the contacts.
It also records the phone calls, gather information about installed applications, running services, and name of launcher. Further, the KevDroid encrypts the extracted data and send it to the server of attackers.
The second version, Netease Defender, can control the camera on an Android device. It records all the activities of the users and sends the video to attackers’ server. Whereas, the third version makes a list of files on the mobile, collects history of web browsers, and additional device information.
The Android users think that they are safe if they download apps from Google Play Store, but this is a wrong assumption. This year, a spyware called Desert Scorpion was found spreading through official Google Play Services. It was camouflaged as a chat app called Dardesh Instant App.
Suggested reading: It costs $715,000 to mitigate a DNS attack in 2018
The new cybersecurity trends not only show an increase in malware around the world, but also that malware is becoming more cunning in delivery method. Such malware can’t be easily tracked using anti-virus software.
Further, the mobile devices are becoming appealing to attackers as these devices contain several types of valuable information but aren’t secured as compared to the desktop systems.
The trends promise a big impact on IT end-users and cybersecurity market, forcing the IT-security departments and cybersecurity providers to revamp their security measures and strategies.
Download the full Global Threat Report Q2 2018 here.
Images source: Comodo