Wednesday January 22, 2020
Home Lead Story McAfee: Crypt...

McAfee: Cryptocurrency Mining Malware Grew 86% in Q2 2018

In Q2, the total number of ransomware samples increased 57 per cent over the past four quarters, the report said

0
//
Logo of McAfee
Logo of McAfee. Flickr

Continuing its rise from the the fourth quarter of last year, cryptocurrency mining malware grew 86 per cent in the second quarter of this year, according to a new report from the global cybersecurity firm McAfee Labs.

Although less common than ransomware, cryptomining malware has quickly emerged as a factor on the threat landscape, the report said on Tuesday, adding that while cryptomining malware primarily targets PCs, other devices also have become victims.

“A few years ago, we wouldn’t think of Internet routers, video-recording devices and other Internet of Things devices as platforms for cryptomining because their CPU speeds were too insufficient to support such productivity,” said Christiaan Beek, Lead Scientist and Senior Principal Engineer with McAfee Labs Advanced Threat Research team.

The research also showed the continued adaptation of the type of malware vulnerability exploits used in the WannaCry and NotPetya outbreaks of 2017.

McAfee saw the exploits from these two high-profile threats repurposed within new malware strains, and newly discovered vulnerability exploits similarly adapted to produce entirely new threats.

New malware samples specifically designed to exploit software vulnerabilities increased by 151 per cent in the second quarter of 2018, the findings of the”McAfee Labs Threats Report” showed.

McAfee
Cryptomining malware surged 86% in Q2 2018: McAfee. IANS

“WannaCry and NotPetya provided cybercriminals compelling examples of how malware could use vulnerability exploits to gain a foothold on systems and then quickly propagate across networks,” Beek said.

McAfee said its mobile research team found a new billing-fraud campaign of at least 15 apps on Google Play.

The new campaign demonstrates that cybercriminals keep finding new ways to steal money from victims using apps on official stores such as Google Play, the report said.

You May Also Like to Read About- NASA’s Mars Orbiter Spots Opportunity Rover

The McAfee team also identified top security threats to users and implementers of Blockchain technologies.

The researchers’ analysis found that phishing, malware and implementation vulnerabilities are the primary attack vectors.

In Q2, the total number of ransomware samples increased 57 per cent over the past four quarters, the report said. (IANS)

Next Story

Over 14% Indians Affected by ‘Shopper’ Malware: Report

After the screen is unlocked, the app launches, gathers information about the victim's device and sends it to the attacker's servers. The server returns the commands for the application to execute

0

A new Trojan application is boosting popular shopping app ratings and installations and spreading ads that annoy users and over 14 percent Indians have been affected by this malware dubbed as “Shopper”, researchers from global cybersecurity and anti-virus brand Kaspersky said on Sunday.

The highest share of users infected by “Trojan-Dropper. AndroidOS.Shopper.a” from October to November 2019 was in Russia, with a staggering 28.46 per cent of all users affected by the shopaholic app located in the country. Almost a fifth (18.70 per cent) of infections were in Brazil and 14.23 per cent in India.

“Despite the fact that at the moment, the real danger stemming from this malicious app is limited to unsolicited ads, fake reviews and ratings issued in the name of the victim, no one can guarantee that the creators of this malware will not change their payload to something else,” Igor Golovin, Malware Analyst at Kaspersky, said in a statement.

For now, the focus of this malicious app is on retail, but its capabilities enable attackers to spread fake information via users’ social media accounts and other platforms.

The Trojan, dubbed “Shopper”, first drew the attention of researchers following its extensive obfuscation and use of the Google Accessibility Service.

The service enables users to set a voice to read out app content and automate interaction with the user interface — designed to help people with disabilities. However, in the hands of attackers this feature presents a serious threat to the device owner.

“The malware could automatically share videos containing whatever the operators behind Shopper would want on personal pages of users accounts and just flood the internet with unreliable information,” added GOlovin.

Smartphone
There was 54 per cent increase in data breaches in 2019 as compared to 2018 and 2020 will see significant rise in the number of Smartphone-focused malware and banking Trojans, a new report has predicted. Pixabay

According to the researchers, once the Trojan has the permission to use the service, it can gain almost unlimited opportunities to interact with the system interface and applications. It can capture data featured on the screen, press buttons and even emulate user gestures.

It is not known yet how the malicious application is being spread, however, researchers at Kaspersky assume that it may be downloaded by device owners from fraudulent ads or third-party app stores while trying to get a legitimate application.

Surprisingly, the app masks itself as a system application and uses a system icon named “ConfigAPKs” in order to hide itself from the user.

Also Read: 17-year-old Helps NASA Find Planet in Habitable Zone

After the screen is unlocked, the app launches, gathers information about the victim’s device and sends it to the attacker’s servers. The server returns the commands for the application to execute.

Notably, depending on the commands, the app can use a device owner’s Google or Facebook account to register on popular shopping and entertainment such as AliExpress, Lazada, Zalora, Shein, Joom, Likee and Alibaba, leave application reviews in Google Play on behalf of the device owner, check the rights to use the Accessibility Service and if permission is not granted, it sends a phishing request for them.

The app can also turn off Google Play Protect — a feature that runs a safety check on apps from the Google Play Store before they are downloaded, and open links received from the remote server in an invisible window and hide itself from the app menu after a number of screens are unblocked. (IANS)