Check Point Research Reveals Threat of Mobile Malware Persists as Attacks Targeting iOS Devices Incr

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
San Carlos, CA — Tue, 17 May 2016
Check Point® Software Technologies Ltd. (NASDAQ: CHKP) today published its latest Threat Index, highlighting the most prevalent malware families being used to attack organizations’ networks and mobile devices globally in April 2016.

Check Point identified 2,000 unique malware families during April, which was more than a 50 percent increase on the previous month. The findings revealed a wide range of threats that organizations’ networks face and the scale of the challenges that security teams need to think about in preventing an attack on their business critical information. Most notably:

  • Researchers found XcodeGhost, a compromised version of the iOS developer platform Xcode, is still an imminent threat to enterprise mobile devices, even though it was pulled from the Apple AppStore in September 2015. In general, attacks targeting iOS devices moved into the top three of most common mobile malware for the first time.
  • Android malware HummingBad remained in the overall top-10 of malware attacks across all platforms globally during the period. Despite only being discovered by Check Point researchers in February, it has rapidly become commonly used, indicating hackers view Android mobile devices as weak spots in enterprise security and as potentially highly rewarding targets.
“As organizations’ dependence on mobility continues to grow, this latest research highlights cyber criminals are taking advantage of these devices, as they are proving to be the weakest link in enterprise IT security,” said Michael Shaulov, head of mobility product management, Check Point. “This data also reinforces the need for businesses to have a strategy of advanced threat prevention on not only networks – but also on all endpoints and mobile devices – in order to best stop malware at the pre-infection stage.”

Overall in April, Conficker was the most prominent malware family, accounting for 17 percent of recognized attacks; Sality was responsible for 12 percent; and Zeroaccess for 6 percent of the recognized attacks. The top-10 families were responsible for over half of all recognized attacks:

  • Conficker – A worm that allows remote operations and malware to be download. The infected machine is then controlled by a botnet, which contacts its Command & Control server to receive instructions.
  • Sality – A virus that allows remote operations and downloads of additional malware to infected systems by its operator. Its main goal is to persist in a system and provide means for remote control and installing further malware.
  • Zeroaccess – A worm that targets Windows platforms, allowing remote operations and malware download. It utilizes a peer-to-peer (P2P) protocol to download or update additional malware components from remote peers.
The top three mobile malware families in April were:

  • HummingBad –An Android malware that establishes a persistent rootkit on the device, installs fraudulent applications, and with slight modifications could enable additional malicious activity, such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises.
  • Iop – An Android malware that installs applications and displays excessive advertising by using root access on the mobile device. The amount of ads and installed apps makes it difficult for the user to continue using the device as usual.
  • XcodeGhost –A compromised version of the iOS developer platform, Xcode. This unofficial version of Xcode was altered so it injects malicious code into any app that was developed and compiled using it. The injected code sends app info to a C&C server, allowing the infected app to read the device clipboard.
 

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Guys- Please note that both Conficker and Sality have been out for a very, very long time. Conficker was first seen in 2008 and Sality in 2003!!!! And these two are the most currently prevalent!

Remarkable.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top