Faceliker Trojan leads the malware race in Q2

02 Oct 17

McAfee’s latest global Quarterly Threats Report puts rogue Facebook likers, script-based malware, healthcare threats and “mega ransomware” outbreaks at the top of its threat list for September 2017, complementing an overall increase in most types of malware.

According to the report, Facebook became a notable attack vector in Q2 through the use of a Trojan called Faceliker. The Trojan accounted for around 8.9% of the quarter’s 52 million new malware samples.

It works by infecting a user’s browser when they visit compromised or malicious websites. It then hijacks Facebook likes and advertises content without the user’s knowledge or permission. This method can boost advertising revenue for the threat actors as it can make a post look stronger than it actually is.

Vincent Weafer, McAfee Labs vice president, says Faceliker is able to manipulate social communications and apps.

“By making apps or news articles appear more popular, accepted and legitimate among friends, unknown actors can covertly influence the way we perceive value and even truth. As long as there is profit in such efforts, we should expect to see more such schemes in the future,” he explains.

The report also highlighted that the healthcare industry across the world is taking a heavier hit than all other sectors with regard to security incident reports. 26% of incidents in Q2 were due to data breaches by accident or human error and the direct result of cyber attacks such as WannaCry.

In Asia Pacific, the public sector reported more incidents in Q2 than any other sector. Financial services and technology rounded out the top three reporters.

“Whether physical or digital, data breaches in healthcare highlight the value of the sensitive personal information organisations in the sector possess. They also reinforce the need for stronger corporate security policies that work to ensure the safe handling of that information,” Weafer comments.

Overall, the report found a 67% increase in malware in Q2, attributed to the rise of malware installs and the Faceliker Trojan.

Mac malware detections increased 4% in Q2 to 27,000 detections. Researchers put the mild increase down to a decrease in adware infections.

The report also calls attention to script-based malware delivered through the Microsoft scripting language.

Spam emails are able to deliver malicious PowerShell scripts – techniques that rely on social engineering rather than security vulnerabilities. The scripts then compromise users’ systems.

“The script-based malware trend also includes the weaponisation of JavaScript, VBScript, and other types of non-executable modules using .doc, PDF, .xls, HTML, and other benign standards of personal computing.”

The report also stresses the importance of organisations spotting adversary activities in their environment.

“One underlying assumption is that, at every moment, there is at least one compromised system on the network, an attack that has managed to evade the organisation’s preventive security measures,” explains Ismael Valenzuela, principal engineer, Threat Hunting and Security Analytics at McAfee.

“Threat hunters must quickly find artifacts or evidence that could indicate the presence of an adversary in the network, helping to contain and eliminate an attack before it raises an alarm or results in a data breach.”
