The demand for multifunctional malware is increasing globally, finds Kaspersky Lab’s report on botnet activity. Such multifunctional malware isn’t designed for specific purposes but can perform any task.
Botnets are nets of compromised devices, used by criminals to spread malware and facilitate DDoS and spam attacks. Kaspersky analyzed over 150 malware families and their modifications circulating through 60,000 botnets for the first half of 2018 report.
Botnet activity in H1 2018:
According to the report, the single-purpose malware distributed using botnets have decreased in the first half of 2018 (H1 2018) as compared to second half of 2017 (2H 2017).
For instance, the banking trojans held 22.47% share in all the unique malware distributed using botnets in 2H 2017. This has decreased to 13.25% in the 1H 2018.
The shares of spamming bots and DDoS bots have also decreased in 1H 2018, Kaspersky noted. Both of these bots are another type of single-purpose malicious software distributed using botnets.
However, the Remote Access Tools (RAT) malware has almost doubled, increasing from 6.55% in H1 2017 to 12.22% in H2 2018. The RAT malware is a versatile malware that helps attackers to exploit the infected systems in many ways. Njrat, DarkComet and Nanocore are the most spread RAT malware.
Trojans have also increased from 32.87% in H2 2017 to 34.25% in H1 2018. These are also the multi-purpose malware that can allow attackers to control the infected system from multiple command and control servers.
“The reason why RATs and other multipurpose malware are taking the lead when it comes to botnets is obvious: botnet ownership costs a significant amount of money and in order to make a profit, criminals should be able to use each and every opportunity to get money out of malware,” said Alexander Eremin, security expert at Kaspersky Lab.
“A botnet built out of multipurpose malware can change its functions relatively quickly and shift from sending spam to DDoS or to the distribution of banking Trojans. While this ability in itself allows botnet owner to switch between different ‘active’ malicious business models, it also opens an opportunity for a passive income: the owner can simply rent out their botnet to other criminals.”
The miners, single-purpose malicious programs, have risen two-times at the same time. The cybercriminals have started to use botnets as a tool for mining cryptocurrency, which has increased the share of miners in bot-distributed files.
Also read: Slingshot malware attacking router-connected devices since 2012 without detection
The report concludes that botnets are increasingly leased according to the needs of the customer, and in many cases, it is difficult to pinpoint the specialization of the botnet. The botnets operators are keen to gain maximum possible control over the infected devices.
Read the full report here.
Images source: Kaspersky Lab
