SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Faceliker Trojan leads the malware race in Q2
Mon, 2nd Oct 2017
FYI, this story is more than a year old

McAfee's latest global Quarterly Threats Report puts rogue Facebook likers, script-based malware, healthcare threats and “mega ransomware” outbreaks at the top of its threat list for September 2017, complementing an overall increased in most types of malware.

According to the report, Facebook became a notable attack vector in Q2 through the use of a Trojan called Faceliker. The Trojan accounted for around 8.9% of the quarter's 52 million new malware samples.

It works by infecting a user's browser when they visit compromised or malicious websites. It then hijacks Facebook likes and advertises content without the user's knowledge or permission. This method can boost advertising revenue for the threat actors as it can make a post look stronger than it actually is.

Vincent Weafer, McAfee Labs vice president, says Faceliker is able to manipulate social communications and apps

“By making apps or news articles appear more popular, accepted and legitimate among friends, unknown actors can covertly influence the way we perceive value and even truth. As long as there is profit in such efforts, we should expect to see more such schemes in the future,” he explains.

The report also highlighted that the healthcare industry across the world is taking a heavier hit than all other sectors in regards to security incident reports. 26% of incidents in Q2 were due to data breaches by accident or human error and the direct result of cyber attacks such as WannaCry.

In Asia Pacific, the public sector reported more incidents in Q2 than any other sector. Financial services and technology rounded out the top three reporters.

“Whether physical or digital, data breaches in healthcare highlight the value of the sensitive personal information organisations in the sector possess. They also reinforce the need for stronger corporate security policies that work to ensure the safe handling of that information,” Weafer comments.

Overall, the report found a 67% increase in malware in Q2, attributed to the rise of malware installs and the Faceliker Trojan.

Mac malware detections increased 4% in Q2 to 27,000 detections. Researchers put the mild increase down to a decrease in adware infections.

The report also calls attention to script-baled malware delivered through the Microsoft scripting language.

Spam emails are able to deliver malicious PowerShell scripts – techniques that rely on social engineering rather than security vulnerabilities. The scripts then compromise users' systems.

“The script-based malware trend also includes the weaponisation of JavaScript, VBScript, and other types of non-executable modules using .doc, PDF, .xls, HTML, and other benign standards of personal computing.

The report also stresses the importance of spotting adversary activities in their environment.

“One underlying assumption is that, at every moment, there is at least one compromised system on the network, an attack that has managed to evade the organisation's preventive security measures,” explains Ismael Valenzuela, principal engineer, Threat Hunting and Security Analytics at McAfee.

“Threat hunters must quickly find artifacts or evidence that could indicate the presence of an adversary in the network, helping to contain and eliminate an attack before it raises an alarm or results in a data breach.