Pune: IT security and data protection firm Quick Heal Technologies said it had seen over 143 million malware attacks in the second quarter of the fiscal year. The Quarterly Threat Report Q2 2020 said that attackers are still using COVID-19 as bait to drop malicious payloads onto consumer devices, usually in the form of phishing emails that contain infected attachments. In the same category, Trickbot proved to be an active distributor of multiple malware families through phishing emails.
Malware accounted for 38% of the total Android detections in this quarter. Quick Heal researchers found various malicious applications that looked 100% authentic and infected consumer mobile phones by injecting malicious information. Among these apps, the fake Aarogya Setu app took the lead, with more and more people downloading it to gain awareness of COVID-19 cases and information.
June had a higher number of Windows malware detections than April and May, with businesses starting to open up. Trojans accounted for 51% of detections, with W32.Pioneer.CZ1 leading the charts (10 million+ detections). It is a file infector that injects code into files present on the disk and on shared networks, collects system information, and eventually forwards it to a command-and-control (CNC) server. Likewise, FraudTool.MS-Security emerged as the top PUA with around 0.9 million detections, while LNK.Cmd.Exploit.F ranked top among host-based exploits with about 0.09 million detections in the same quarter. This malware leverages security vulnerabilities found in host-based apps.
The report also indicated the emergence of new SMB exploits that allow attackers to take charge of the victim’s machine or crash any system in the network – SMBGhost, SMBleed, and SMBLost being the mainstream SMB vulnerabilities.