143 million malware detected in the April-June quarter, report says

All campaigns aim to steal data and obtain sensitive information from the user, or to sell the stolen data on the Dark Web. | Photo Credit: Reuters

A report by data protection firm Quick Heal Technologies notes that more than 143 million Windows malware were detected in the April-June quarter, with 64 million cases in June alone.

A strong possibility is that the sudden spike in numbers in June was due to the opening up of businesses.

Quick Heal says cyberattacks are on the rise, and that malware accounted for 38% of the total Android detections in this quarter, followed by PUP and adware.

“Cybercriminals are taking advantage of the COVID-19 pandemic for spreading malware and infecting devices to steal victim’s data,” Quick Heal said.

Attackers are using fake COVID-19 phishing emails and Black Lives Matter campaigns as bait to trap users. On Android, a fake Aarogya Setu app was used to steal users’ information.

As people are spending more time on their mobile phones and laptops, fraudsters are taking advantage of the situation by sending messages that offer free data or subscriptions and include a link.

Those links can be vectors for spreading malware. After analysing such messages, the Quick Heal mobile security team found that messages offering a free Netflix subscription, using the domain netflix-usa[.]net, open a page that asks the user to share the same message and shows ad pop-ups. The message was used to generate traffic for a particular site.

In another case, the Quick Heal mobile security team came across a fake UPI ID for the PM Cares fund. Fraudsters registered the fake UPI ID “pncare@sbi”, which is similar to the real PM Cares fund UPI ID “pmcares@sbi”, to deceive people and earn money.

Of all malware, Trojans, which mislead users about their true intent and fool them into taking an action, recorded the most detections at 51%.

Quick Heal observed that TrickBot continues to be an effective distributor of malware. The infection vector for TrickBot is mostly a phishing or spam email that tricks the user into downloading the initial payload. Recently, a few of these included fake COVID-19 phishing and fake Black Lives Matter campaigns as well.

The report also indicated the emergence of SMB exploits that allow an attacker to take remote control of the victim’s machine or crash any system in the network. SMBGhost, SMBleed and SMBLost are some of the named SMB vulnerabilities that have surfaced since March 2020 and for which exploits or PoCs are publicly available.

The motive of all the campaigns is to steal data and obtain sensitive information from the user, or to sell the stolen data on the Dark Web.