IT threat evolution Q1 2017. Statistics<br />
Q1 figures<br />
According to KSN data, Kaspersky Lab solutions detected and repelled 479,528,279 malicious attacks from online resources located in 190 countries all over the world.<br />
79,209,775 unique URLs were recognized as malicious by web antivirus components.<br />
Attempted infections by malware that aims to steal money via online access to bank accounts were registered on 288 thousand user computers.<br />
Crypto ransomware attacks were blocked on 240,799 computers of unique users.<br />
Kaspersky Lab’s file antivirus detected a total of 174,989,956 unique malicious and potentially unwanted objects.<br />
Kaspersky Lab mobile security products detected:</p>
<p>1,333,605 malicious installation packages;<br />
32,038 mobile banker Trojans (installation packages);<br />
218,625 mobile ransomware Trojans (installation packages).</p>
<p>Mobile threats<br />
Q1 events<br />
The rise of Trojan-Ransom.AndroidOS.Egat<br />
In the first quarter of 2017, we registered a dramatic growth in attacks involving mobile ransomware from the Trojan-Ransom.AndroidOS.Egat family: the number of users attacked by this type of malware increased more than 13-fold compared with the previous quarter.<br />
Although this Trojan has been known to us since June 2016, such an explosive increase in the number of attacks has only occurred now.<br />
This malware has standard mobile ransomware functionality: it blocks the device, overlays all open windows with its own window, then demands money to unblock the device. In most cases, the ransom amount fluctuates between $100 and $200. Most of the attacked users were in Europe, mainly Germany, the UK and Italy.<br />
Revamped Ztorg<br />
We managed to detect around 30 new Trojans from the Ztorg family in the official Google Play Store.<br />
To recap, this is the family that gave us infected fake guides for Pokémon GO. It was discovered in Google Play in the summer of 2016 and was installed more than 500,000 times.<br />
After installation, Ztorg checks to make sure it isn’t running on a virtual machine. If the check passes, the main module is loaded from a remote server.<br />
By exploiting a vulnerability in the system, the Trojan tries to gain superuser privileges. If successful, it installs its modules into the system folders and also modifies the device settings so that it remains there, even after a reset to factory settings.<br />