Depressing reading as active malware families grow and HummingBad infects 85 million Android devices
The latest ‘Threat Index‘ from security specialists Check Point makes for grim reading, especially for Android users, with warnings that HummingBad has returned to the overall top-three threats across all platforms, and has now infected a staggering 85 million devices globally.
And to make matters worse, Check Point said that its latest threat data research has revealed a 61 percent increase (almost two thirds) in the number of active malware families in the first half of 2016.
Indeed, in its June Threat Index report, Check Point detected 2,420 unique and active malware families attacking business networks in June, representing a 21 percent increase since April. Business networks and mobile devices are the most threatened, highlighting the scale of risk faced by internal IT teams.
Check Point said that Conficker worm remained the most commonly used malware in June, accounting for 14 percent of recongised attacks. The Sality virus accounted for 10 percent of all attacks, and due to its complexity, is consider to one of the formidable malware to- date.
But mobile malware is an increasing concern, as HummingBad is in third position, and thanks to its infection of 85 Android devices, is estimated to be generating $300,000 (£227,920) per month in fraudulent ad revenue.
HummingBad is thought to have been developed in China, and last month security firm Lookout warned that it controls around 10 million devices.
The malware, which is attached to infected versions of Facebook, Twitter, WhatsApp and Okta’s enterprise single sign-on app, installs a rootkit that allows it to remain in place even after a factory reset, Lookout said.
It puts into place applications that generate fraudulent advertising revenue, as well as other fraudulent apps.
The malware is believed to be developed by Chinese organisation called Yingmob, a highly organised group with 25 employees staffing four divisions that develop the malware’s components.
Other mobile malware causing concern is Iop, which is Android malware that installs applications and displays excessive advertising by using root access on the mobile device. The amount of ads and installed apps makes it difficult for the user to continue using the device as usual, warned Check Point.
But it is not just Android. Apple The third biggest threat to business mobile devices is XcodeGhost, which is a compromised version of the iOS developer platform, Xcode. It apparently injects malicious code into any app that was developed and compiled using it. The injected code sends app info to a C&C server, allowing the infected app to read the device clipboard.
“The sustained, significant increase in the number of active malware families targeting business networks during the first half of 2016 highlights the escalating threat levels that organisations are currently facing,” said Nathan Schuchami, head of threat prevention, Check Point
“Hackers are putting extensive effort into creating new, sophisticated malware families to defraud companies and steal data,” said Schuchami. “Organisations need advanced threat prevention measures on their networks, endpoints and mobile devices to stop these threats before they fall victim to them.”