Menu
McAfee Labs pinpoints four Q3 threats areas

McAfee Labs pinpoints four Q3 threats areas

Quarterly report indicates growth in Android malware, signed malware, spam, and virtual currencies

Security vendor McAfee’s research arm, McAfee Labs, has identified growth across four threat trends in the third instalment of its quarterly reports for 2013, including Android-based malware, signed malware, spam, and virtual currencies.

Almost 700,000 new malware samples aimed at the Android platform were catalogued in the third quarter of the year, accounting for an increase of more than 30 per cent.

McAfee Labs claims this is driven at least partially by a new category of Android malware, titled Exploit/MasterKey.A, which allows attackers to bypass the digital signature validation of applications, a key component of the Android security process.

Researchers have also found a new class of Android malware that, once installed, downloads a second-stage payload without the user’s knowledge.

“The efforts to bypass code validation on mobile devices, and commandeer it altogether on PCs, both represent attempts to circumvent trust mechanisms upon which our digital ecosystems rely,” McAfee Australia and New Zealand (A/NZ) enterprise solutions architect, Sean Duca, said.

“The industry must work harder to ensure the integrity of this digital trust infrastructure given these technologies are becoming even more pervasive in every aspect of our daily lives.”

On the signed malware front, McAfee Labs reports an increase of nearly 50 per cent. It claims this is due to cybercriminals being aware that binaries signed using a certificate from a known Certificate Authority (CA) is immediately deemed valid. As a result, attackers are signing an ever-increasing fraction of malicious payloads using either stolen certificates or certificates sourced from rogue CA vendors.

In October, McAfee Labs reported that signed malware increased from 1.3 per cent in 2010 to 5.3 per cent in 2013, and while it may appear a small change, it indicates that more than five million digitally-signed malware samples are in circulation.

The trend is more pronounced within the mobile environment, with the percentage of signed malware increasing from essentially zero to nearly 25 per cent of known Android-based malware samples in the last three years.

Spam volume increased by a total of 125 per cent throughout the third quarter, most of which occurred in the last four weeks of the period. McAfee Labs attributes this to legitimate marketing firms purchasing and using mailing lists sourced from less-than-reputable sources. Despite the high-volume nature of the message campaigns, the research company claims they generally do not contain malware so users often do not know the difference.

Virtual currencies, whose value is not tied to traditional currencies, are being labelled one of the hottest ‘cyber-topics’ of the last 12 months. Yankee Group estimates that the so-called virtual currencies market grew to $US47.5 billion in 2012.

According to McAfee Labs, the ability for transactions to be anonymous when processed using virtual currencies has drawn cybercriminals to offer illicit goods and services that would normally be transparent to law enforcement. It also offers an effective way to ‘launder’ profits of both online and offline criminal activity.

As a result, the third quarter saw notable events in the use of Bitcoin for illicit activities such as the purchase of drugs, weapons, and other illegal goods on websites such as Silk Road. The growing presence of Bitcoin-mining malware reinforced the increasing popularity of the currency.

“As these currencies become further integrated into our global financial system, their safety and stability will require initiatives leveraging both the financial system’s monetary controls and oversight and the technical controls and defences our industry provides,” Duca said.


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags spamresearchsecurityAndroidmcafee labsmalware

Featured

Slideshows

HP channel recognised at 2017 Partner Awards

HP channel recognised at 2017 Partner Awards

The HP Partner Awards 2017 at Shed 10 kicked off with an AMD-sponsored hackers lounge, a mysterious gaming style area filled with dry ice and red lasers, the waiters wearing Mr Robot style masks.

HP channel recognised at 2017 Partner Awards
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
HP re-imagines education through Auckland event launch

HP re-imagines education through Auckland event launch

HP New Zealand held an inaugural Evolve Education event at Aotea Centre in Auckland, welcoming over 70 principals, teachers and education experts to explore ways of shaping and enhancing learning using technology.

HP re-imagines education through Auckland event launch
Show Comments