Android, Bitcoin top malware targets, McAfee reports
Security vendor McAfee's research arm, McAfee Labs, has identified growth across four threat trends in the third installment of its quarterly reports for 2013, including Android-based malware, signed malware, spam, and virtual currencies.
Almost 700,000 new malware samples aimed at the Android platform were cataloged in the third quarter of the year, accounting for an increase of more than 30 percent.
McAfee Labs claims this is driven at least partially by a new category of Android malware, titled Exploit/MasterKey.A, which allows attackers to bypass the digital signature validation of applications, a key component of the Android security process.
Researchers have also found a new class of Android malware that, once installed, downloads a second-stage payload without the user's knowledge.
"The efforts to bypass code validation on mobile devices, and commandeer it altogether on PCs, both represent attempts to circumvent trust mechanisms upon which our digital ecosystems rely," said Sean Duca, enterprise solutions architect for McAfee Australia and New Zealand. "The industry must work harder to ensure the integrity of this digital trust infrastructure given these technologies are becoming even more pervasive in every aspect of our daily lives."
On the signed malware front, McAfee Labs reports an increase of nearly 50 percent. It claims this is due to cybercriminals being aware that binaries signed using a certificate from a known Certificate Authority (CA) is immediately deemed valid. As a result, attackers are signing an ever-increasing fraction of malicious payloads using either stolen certificates or certificates sourced from rogue CA vendors.
In October, McAfee Labs reported that signed malware increased from 1.3 percent in 2010 to 5.3 percent in 2013, and while it may appear a small change, it indicates that more than five million digitally-signed malware samples are in circulation.
The trend is more pronounced within the mobile environment, with the percentage of signed malware increasing from essentially zero to nearly 25 percent of known Android-based malware samples in the last three years.
Spam volume increased by a total of 125 percent throughout the third quarter, most of which occurred in the last four weeks of the period. McAfee Labs attributes this to legitimate marketing firms purchasing and using mailing lists sourced from less-than-reputable sources.
Despite the high-volume nature of the message campaigns, the research company claims they generally do not contain malware so users often do not know the difference.
Virtual currencies, whose value is not tied to traditional currencies, are being labelled one of the hottest "cyber-topics" of the last 12 months. Yankee Group estimates that the so-called virtual currencies market grew to $47.5 billion in 2012.
According to McAfee Labs, the capability for transactions to be anonymous when processed using virtual currencies has drawn cybercriminals to offer illicit goods and services that would normally be transparent to law enforcement. It also offers an effective way to "launder" profits of both online and offline criminal activity.
As a result, the third quarter saw notable events in the use of Bitcoin for illicit activities such as the purchase of drugs, weapons, and other illegal goods on websites such as Silk Road. The growing presence of Bitcoin-mining malware reinforced the increasing popularity of the currency.
"As these currencies become further integrated into our global financial system, their safety and stability will require initiatives leveraging both the financial system's monetary controls and oversight and the technical controls and defenses our industry provides," Duca said.