McAfee Labs today released the McAfee
Threats Report: Second Quarter 2013, which found that
Android-based malware achieved a 35 percent growth rate not seen since
early 2012. This rebound was marked by the continued proliferation of
SMS-stealing banking malware, fraudulent dating and entertainment apps,
weaponized legitimate apps and malicious apps posing as useful tools.
McAfee Labs registered twice as many new ransomware samples in Q2 as in
Q1, raising the 2013 ransomware count higher than the total found in all
previous periods combined.
The second quarter also saw a 16 percent increase in suspicious URLs, a
50 percent increase in digitally-signed malware samples, and notable
events in the cyber-attack and espionage areas, including multiple
attacks on the global Bitcoin infrastructure and revelations around the
Operation Troy network targeting U.S. and South Korean military assets.
McAfee Labs researchers identified a set of common mobile strategies
employed by cybercriminals to extract money and confidential information
Banking Malware. Many banks implementing two-factor
authentication require customers to log into their online accounts
using a username, password and a mobile transaction number (mTAN) sent
to their mobile device via a text message. McAfee Labs researchers
identified four significant pieces of mobile malware that capture the
traditional usernames and passwords, and then intercept SMS messages
containing bank account login credentials. The malicious parties then
directly access accounts and transfer funds.
Fraudulent Dating Apps. McAfee Labs discovered a surge in
dating and entertainment apps that dupe users into signing up for paid
services that do not exist. Lonely users attempt to access potential
partners’ profiles and other content only to become further frustrated
when the scam is recognized. The profits from the purchases are later
supplemented by the ongoing theft and sale of user information and
personal data stored on the devices.
Trojanized Apps. Research revealed the increasing use of
legitimate apps altered to act as spyware on users' devices. These
threats collect a large amount of personal user information (contacts,
call logs, SMS messages, location) and upload the data to the
Fake Tools. Cyber criminals are also using apps posing as
helpful tools, such as app installers that actually install spyware
that collects and forwards valuable personal data.
“The mobile cybercrime landscape is becoming more defined as cybergangs
determine which tactics are most effective and profitable,” said Vincent
Weafer, senior vice president, McAfee Labs. “As in other mature areas of
cybercrime, the profit motive of hacking bank accounts has eclipsed the
technical challenges of bypassing digital trust. Tactics such as the
dating and entertainment app scams benefit from the lack of attention
paid to such schemes; while others simply target the mobile paradigm’s
most popular currency: personal user information.”
Beyond mobile threats, the second quarter revealed the continued
adaptability of attackers in adjusting tactics to opportunities,
challenges to infrastructure upon which commerce relies, and a creative
combination of disruption, distraction and destruction to veil advanced
Ransomware. Over the past two quarters McAfee Labs has
catalogued more ransomware samples than in all previous periods
combined. The number of new samples in the second quarter was greater
than 320,000, more than twice as many as the previous period,
demonstrating the profitability of the tactic.
Digitally-signed malware. Malware signed with legitimate
certificates increased 50 percent, to 1.2 million new samples,
rebounding sharply from a decline in the first quarter. The trend of
illegitimate code authenticated by legitimate certificate authorities
could inevitably undermine confidence in the global certificate trust
Suspicious URLS. The second quarter’s increase in suspicious
URLs shows how important “infected” sites remain as a distribution
mechanism for malware. At June’s end, the total number of suspect URLs
tallied by McAfee Labs reached 74.7 million, which represents a 16
percent increase over the first quarter.
Spam Volume. Global spam volume continued to surge through the
second quarter with more than 5.5 trillion spam messages. This
represented approximately 70 percent of global email volume.
Attacks on Bitcoin Infrastructure. The sudden activity in the
Bitcoin market over the course of the past quarter attracted interest
from cybercriminals. In addition to disruptive distributed denial of
service attacks (DDoS), the group infected victims with malware that
uses computer resources to mine and steal the virtual currency.
Operation Troy. McAfee Labs uncovered evidence suggesting that
attacks on South Korean banks and media companies in March and June of
this year were in fact connected to an ongoing cyber espionage
campaign dating back to 2009. A study of forensic evidence suggested
that the campaign was designed to target U.S. and South Korean
military systems, identify and remove confidential files, and, when
necessary, destroy the compromised systems through a master boot
record (MBR) attack. Read the full report: Dissecting
Operation Troy: Cyber Espionage in South Korea.
Each quarter, the McAfee Labs team of 500 multidisciplinary researchers
in 30 countries follows the complete range of threats in real time,
identifying application vulnerabilities, analyzing and correlating
risks, and enabling instant remediation to protect enterprises and the
public. To read the full McAfee Threats Report: Second Quarter 2013,
please visit: http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q2-2013.pdf
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC),
empowers businesses, the public sector, and home users to safely
experience the benefits of the Internet. The company delivers proactive
and proven security solutions and services for systems, networks, and
mobile devices around the world. With its Security Connected strategy,
innovative approach to hardware-enhanced security, and unique Global
Threat Intelligence network, McAfee is relentlessly focused on keeping
its customers safe. http://www.mcafee.com
Note: McAfee is a trademark or registered trademark of McAfee, Inc.
in the United States and other countries. Other names and brands may be
claimed as the property of others.