The second quarter 2018 Comodo Cybersecurity Global Threat Report has just been released! I couldn’t wait to read it, and I’m glad I did. It’s my job to keep on top of the rapidly evolving cyber threat landscape, but I was still surprised by what I learned. I’ll tell you which findings were the most interesting to me. But if you want to learn more, you may download the free report for yourself. This intelligence comes from the over 400 million unique malware samples worldwide that Comodo has detected during the second quarter of the year.
An International Perspective
Trojan malware infections are on the rise. Comodo has noticed a trend in phishing emails that spread trojans through attachments and hyperlinks. Once the user is fooled into opening an attachment or clicking a link, the trojan becomes a malicious foot in the door: it typically contacts a command and control server and downloads the real payload from there. Of all of the countries where Comodo monitors malware, Germany topped the list for trojans.
Malware trends often correlate with world events, so your time reading about them is time well spent. The anniversary of China’s Tiananmen Square protests, Donald Trump and Vladimir Putin’s meeting in Helsinki, Finland, Armenia’s political revolution, and the tension between Donald Trump and Kim Jong Un all were reflected in malware infection trends which were unlikely to be coincidences. Often these trends are the result of cyberwarfare, and other times hacktivism is a likely motive.
Cryptominers have become a little less frequent, but often a lot more harmful. Much of the latest cryptomining malware has impressive evasion and persistence techniques. Maybe the only symptom you’ll notice from a cryptominer infection is unusually high CPU and memory use on your endpoints. That really worries me.
Android is now one of the top platforms for malware. Comodo Threat Research Labs has seen a tremendous increase in both quantity and variety. Be really, really careful about sideloading Android apps. To reduce your risk, install apps only from the Google Play Store rather than from APK files downloaded elsewhere. Phishing emails and websites are another common source of Android malware. Spyware is the most common type of Android malware, and Comodo has noticed it becoming better at evading detection.
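A quick way to act on the sideloading advice is to audit which packages on a device did not come through Google Play. The script below is an added example, not something from the Comodo report: it parses the output of `adb shell pm list packages -i` (which prints each package with the installer that put it there) and lists everything whose recorded installer is not the Play Store, `com.android.vending`. The package names in the sample output are constructed for illustration, and the allowlist of trusted system packages is an assumption you would replace with your own.

```shell
#!/bin/sh
# Added example: list Android packages that were not installed by Google Play.
# On a real device, replace SAMPLE_PM_OUTPUT with:  adb shell pm list packages -i
# The lines below are constructed sample output, not captured from any real device.
SAMPLE_PM_OUTPUT='package:com.android.vending  installer=null
package:com.example.bank  installer=com.android.vending
package:com.example.weather  installer=com.android.vending
package:com.example.cleaner  installer=null
package:com.example.tool  installer=com.android.packageinstaller'

# Play Store's own package name; it records itself as the installer of apps it installs.
PLAY_STORE='com.android.vending'

# Packages you know are preloaded system components (assumed allowlist for the example).
# installer=null means preloaded or sideloaded, so anything not on this list deserves a look.
SYSTEM_ALLOWLIST='com.android.vending'

# Print package names whose installer field is anything other than the Play Store.
sideloaded_packages() {
  printf '%s\n' "$1" | awk -v play="$PLAY_STORE" '
    /^package:/ {
      pkg = $1; sub(/^package:/, "", pkg)
      inst = $2; sub(/^installer=/, "", inst)
      if (inst != play) print pkg
    }'
}

# Drop allowlisted system packages from the result.
audit() {
  sideloaded_packages "$1" | grep -vxF "$SYSTEM_ALLOWLIST"
}

# Number of packages that still need a human decision.
count_sideloaded() {
  audit "$1" | wc -l | tr -d ' '
}

audit "$SAMPLE_PM_OUTPUT"
```

On the sample data this prints `com.example.cleaner` and `com.example.tool`; the first has no recorded installer at all and the second was installed through the manual package installer, which is exactly what a sideloaded APK looks like. Run it against real `pm list packages -i` output and review every package it reports.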
Ukraine and Russia were the most common countries for viruses, India, Turkey, and Russia (again!) for worms, and the United Kingdom for backdoors.
The Worst Trojan
The single most common trojan found in the second quarter is TrojWare.Win32.Injector. It spreads by phishing; more specifically, by an email designed to look like it comes from a shipping and trading company. If the user executes the malicious file that comes with it, sensitive data from web browsers, email clients, FTP clients, WebDAV clients, and SCP clients is sent to the attacker.
I mentioned that newer cryptominers are getting better at evading detection. That’s often because fileless cryptominers are becoming more common. Fileless malware runs entirely in memory and never writes its own executable to the hard drive or any other storage. Instead, it injects itself into already running processes, and whatever it needs in order to survive a reboot is stashed somewhere a file scanner doesn’t look, such as the registry or a scheduled task. So scanning your hard drive won’t find these rotten, pesky things; you have to look at running processes, memory, and the places where persistence is configured.
BadShell is a cryptominer which fits the above criteria exactly. It abuses Windows PowerShell to run its commands, stores its malicious binaries in the Windows registry, and persists through Task Scheduler.
BadShell and other cryptominers can do serious harm to an organization’s network by diverting processing power to generating cryptocurrency rather than the work your organization needs its clients and servers to be doing.
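The three ingredients just described (PowerShell as the execution engine, the registry as payload storage, Task Scheduler for persistence) are all things an administrator can enumerate. The script below is an added example written for this article, not code or indicators from the Comodo report or from BadShell itself: it lists scheduled tasks whose action launches PowerShell with loader-style arguments, and registry values under a handful of persistence keys that are large enough to hold a script or an executable. The argument patterns, the registry keys and the 2 KB size threshold are assumptions for illustration; tune them for your own estate.

```powershell
# Added example, not code from the Comodo report: hunt for the persistence pattern the
# report attributes to BadShell (PowerShell launched by a scheduled task, payload kept in
# the registry). Patterns, key list and threshold are assumptions, not published indicators.
# Run from an elevated PowerShell session (Windows PowerShell 5.1 or PowerShell 7).

# --- 1. Scheduled tasks whose action runs PowerShell with loader-style arguments --------
$loaderPatterns = @(
    '-enc', '-encodedcommand',             # base64-encoded script body
    '-nop', '-noprofile',                  # skip profile scripts (and any defensive hooks in them)
    '-w hidden', '-windowstyle hidden',    # no visible console
    '-ep bypass', '-executionpolicy bypass',
    'FromBase64String', 'Invoke-Expression', 'DownloadString',
    'Get-ItemProperty', 'HKLM:', 'HKCU:'   # command line that reads its payload back from the registry
)

function Find-SuspiciousPowerShellTasks {
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # COM-handler actions have no Execute property; the cast turns $null into ''.
            $exe = [string]$action.Execute
            $cmd = "$exe $($action.Arguments)"
            if ($exe -match '(powershell|pwsh)(\.exe)?"?$') {
                $hits = $loaderPatterns | Where-Object { $cmd -match [regex]::Escape($_) }
                if ($hits) {
                    [pscustomobject]@{
                        Task    = $task.TaskPath + $task.TaskName
                        Author  = $task.Author
                        State   = $task.State
                        Matched = ($hits -join ', ')
                        Command = $cmd
                    }
                }
            }
        }
    }
}

# --- 2. Registry values large enough to hold a script or a PE image ---------------------
# A legitimate Run entry is a short command line; a string or REG_BINARY value of several
# kilobytes under these keys is worth pulling out and decoding.
$keysToCheck = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Classes'               # per-user COM registrations, a common stash location
)
$sizeThreshold = 2048                      # bytes; assumption for this example

function Find-OversizedRegistryValues {
    foreach ($keyPath in $keysToCheck) {
        if (-not (Test-Path $keyPath)) { continue }
        $keys = @(Get-Item -Path $keyPath) +
                @(Get-ChildItem -Path $keyPath -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                $value = $key.GetValue($name)
                $size = 0
                if ($value -is [byte[]]) { $size = $value.Length }                                 # REG_BINARY
                elseif ($value -is [string]) { $size = [Text.Encoding]::Unicode.GetByteCount($value) }  # REG_SZ / REG_EXPAND_SZ
                if ($size -ge $sizeThreshold) {
                    [pscustomobject]@{
                        Key   = $key.Name
                        Value = $name
                        Kind  = $key.GetValueKind($name)
                        Bytes = $size
                    }
                }
            }
        }
    }
}

Find-SuspiciousPowerShellTasks | Format-Table -AutoSize -Wrap
Find-OversizedRegistryValues   | Format-Table -AutoSize
```

Anything the first function reports should be read together with the task's trigger and the account it runs as; anything the second reports can be decoded with `[Convert]::FromBase64String` or dumped to a file for your sandbox. Since the payload only ever exists in memory, also turn on PowerShell script block logging so the decoded script bodies land in the event log (Microsoft-Windows-PowerShell/Operational, event ID 4104) where your detection tooling can see them.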
The Android Malware Explosion
People like me use our Android phones to organize our lives. I schedule my weeks for business and leisure, do my online banking, buy stuff, check the weather reports from my nearest weather station, plan my public transit travel, and read my email all with my Android phone. There are millions of users like me, and that’s why Android is a popular platform for spyware. Acquiring my phone’s private data would tell you so much about me and my life! And I’m just an ordinary person, really. If I was a prominent CEO or other sort of public figure, data acquired from me could be sold by cyber attackers for big bucks on the Dark Web.
Some of the most common Android spyware detected by Comodo includes KevDroid, Zoo Park, MikeSpy, and Stalker Spy.
I’m just skimming the surface of the valuable insights you can learn from Comodo Cybersecurity’s Global Threat Report Q2 2018. If I piqued your curiosity, you can download your own copy of the report.