India, September 08, 2020: Quick Heal Technologies, one of the leading providers of IT Security and Data Protection solutions for consumers, businesses, and Government, has underlined the rising state of cyberattacks during the on-going COVID-19 phase in its latest Quarterly Threat Report Q2 2020. The report highlighted over 143 million malware that targeted consumer smart-devices in the second quarter of 2020, mainly in the form of coronavirus-themed attacks.
According to Quick Heal researchers, attackers are still using COVID-19 as bait to drop malicious payloads to consumer devices, usually in the form of phishing emails that contain infected attachments. In the same category, Trickbot proved to be an active distributor for multiple malware through phishing emails.
June clocked the highest detections of Windows malware compared to April and May due to the opening up of businesses under the unlock phase. Another notable observation made by the researchers was the detection of maximum malware using Network Security Scan. This technology analyzes the network traffic, identifies cyberattacks, and stops the malicious packet from entering the system.
Trojan clocked 51% detections with W32.Pioneer.CZ1 leading the charts (10 million+ detections). It is a file infector that injects a code to files present on the disk and shared network, collects system information, and eventually forwards it to a CNC server. Likewise, FraudTool.MS-Security emerged as the top PUA with around 0.9 million detections, while LNK.Cmd.Exploit.F ranked top among host-based exploits with about 0.09 million detections in the same quarter. This malware leverages security vulnerabilities found in host-based apps.
The report also indicated the emergence of new SMB exploits that allow attackers to take charge of the victim’s machine or crash any system in the network – SMBGhost, SMBleed, and SMBLost being the mainstream SMB vulnerabilities. Poulight, another info-stealing trojan that steals sensitive information from the device through spear-phishing emails, was also recorded during the same quarter.
Observations in the Android space
Malware clocked 38% of the total Android detections in this quarter. Android. Bruad.A topped the list of top 10 Android malware with 32% detections. When speaking of trends, Quick Heal researchers found various malicious applications that looked 100% authentic and infected consumer mobile phones by injecting malicious information. Among these apps, the fake Aarogya Setu app took the lead with more and more people downloading it to gain awareness around COVID-19 cases and info.
In the banking domain, Eventbot appeared to be a dangerous mobile Trojan that hacks into phones’ in-built accessibility and steals data by reading into SMSs, banking PINs, etc. Interestingly, this trojan bypasses even the two-factor authentication process that most banking apps offer to ensure security.
As consumers spend more time on their mobiles and laptops, they become vulnerable to attackers. Among the top scams that went live during this phase were free Netflix subscriptions and fraud PM CARE Fund applications. Quick Heal scanned, detected, and stopped these attackers from fooling consumers and earning money in the process.
In a bid to uphold cybersecurity for customers, especially during the on-going crisis, Quick Heal researchers have advised consumers to follow a few tips and suggestions. Be careful while interacting with COVID-19-related messages and emails. Always keep device software and antivirus updated. Practice caution when downloading apps from third-party app stores. Report suspicious activities immediately to support executives and cybersecurity vendors. Lastly, never open emails that come from unknown sources.