Story image

Faceliker Trojan leads the malware race in Q2

02 Oct 2017

McAfee’s latest global Quarterly Threats Report puts rogue Facebook likers, script-based malware, healthcare threats and “mega ransomware” outbreaks at the top of its threat list for September 2017, complementing an overall increased in most types of malware.

According to the report, Facebook became a notable attack vector in Q2 through the use of a Trojan called Faceliker. The Trojan accounted for around 8.9% of the quarter’s 52 million new malware samples.

It works by infecting a user’s browser when they visit compromised or malicious websites. It then hijacks Facebook likes and advertises content without the user’s knowledge or permission. This method can boost advertising revenue for the threat actors as it can make a post look stronger than it actually is.

Vincent Weafer, McAfee Labs vice president, says Faceliker is able to manipulate social communications and apps

“By making apps or news articles appear more popular, accepted and legitimate among friends, unknown actors can covertly influence the way we perceive value and even truth. As long as there is profit in such efforts, we should expect to see more such schemes in the future,” he explains.

The report also highlighted that the healthcare industry across the world is taking a heavier hit than all other sectors in regards to security incident reports. 26% of incidents in Q2 were due to data breaches by accident or human error and the direct result of cyber attacks such as WannaCry.

In Asia Pacific, the public sector reported more incidents in Q2 than any other sector. Financial services and technology rounded out the top three reporters.

“Whether physical or digital, data breaches in healthcare highlight the value of the sensitive personal information organisations in the sector possess. They also reinforce the need for stronger corporate security policies that work to ensure the safe handling of that information,” Weafer comments.

Overall, the report found a 67% increase in malware in Q2, attributed to the rise of malware installs and the Faceliker Trojan.

Mac malware detections increased 4% in Q2 to 27,000 detections. Researchers put the mild increase down to a decrease in adware infections.

The report also calls attention to script-baled malware delivered through the Microsoft scripting language.

Spam emails are able to deliver malicious PowerShell scripts – techniques that rely on social engineering rather than security vulnerabilities. The scripts then compromise users’ systems.

“The script-based malware trend also includes the weaponisation of JavaScript, VBScript, and other types of non-executable modules using .doc, PDF, .xls, HTML, and other benign standards of personal computing.”

The report also stresses the importance of spotting adversary activities in their environment.

“One underlying assumption is that, at every moment, there is at least one compromised system on the network, an attack that has managed to evade the organisation’s preventive security measures,” explains Ismael Valenzuela, principal engineer, Threat Hunting and Security Analytics at McAfee.

“Threat hunters must quickly find artifacts or evidence that could indicate the presence of an adversary in the network, helping to contain and eliminate an attack before it raises an alarm or results in a data breach.”

Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.