Cryptomining and IoT malware rose 70% in 2018: McAfee

Recent research from McAfee revealed that cybercriminals are generating 480 new threats per minute. In its latest report, “McAfee Labs Threats Report: December 2018,” McAfee highlighted that IoT malware increased 73 percent, while cryptocurrency mining malware was up 71 percent, in the third quarter of 2018.

“The McAfee Advanced Threat Research team has noticed a shift in dark web platforms. Several individual sellers have moved away from large markets and have opened their own specific marketplaces. They hope to fly under the radar of law enforcement and build a trusted relationship with their customers without the fear of a quick exit by the market owners. This shift has sparked a new line of business: Defiant website designers who offer to build hidden marketplaces for aspiring vendors. Other vendors are moving away from the TOR network, choosing platforms such as Telegram to offer their goods and services,” the report stated.

Further, McAfee stated that mobile malware declined by 24% and that new threats ranged from fake mobile applications to mobile banking Trojans. According to the report, the fake apps exfiltrated data, including location details and contact lists, and listened to phone calls. Each quarter, McAfee evaluates the state of the cyber threat landscape based on its research, investigative analysis, and threat data gathered by the McAfee Global Threat Intelligence cloud.

Recent research from the company exposed an active phishing campaign that turns Android devices into mobile proxies. The McAfee mobile research team stated that the phishing attack was carried out by sending malicious code, named Android/TimpDoor, via text messages that trick users into downloading a fake voice-message app. Installing the fake application enables attackers to steal device information and use the infected mobile devices as network proxies.

The researchers stated that devices infected with TimpDoor could serve as mobile backdoors for stealthy access to the device’s internal networks. Once installed, the fake application runs a SOCKS proxy that redirects the device’s network traffic through a secure shell connection, bypassing the network security mechanisms offered by Google Play Store.