WannaCry is the most popular Android ransomware: Bitdefender

GUEST RESEARCH: Bitdefender has released its September 2022 Threat Brief analyzing the most popular malware and cyberattack techniques.

Some of the key findings include:

• Most popular ransomware strains: After analyzing ransomware variants detected in August 2022, Bitdefender found 193 active ransomware families. The most common were:

◦ WannaCry (48% of detections) – this strain made headlines around the world when a campaign using the variant impacted organizations around the world in 2017. It was particularly infamous due to its exploitation from Eternal Blue, an exploit developed by the NSA and stolen by a group called The Shadow Brokers shortly before the attack.

◦ GandCrab (16%) – a ransomware-as-a-service strain whose authors claimed to have generated $2 billion in ransom payments before announcing their “retirement” on a cybercrime forum in 2019. Bitdefender has released the world’s first decryption tool to help victims recover their data for free in February 2018. Despite the author’s apparent retirement, the strain is still popular among attackers.

◦ Cerber (10%) – another strain of ransomware as a service where an attacker licenses the malware to the creators and shares the illicit profits with them. This strain uses the double extortion method of both encrypting victim data and exfiltrating it before threatening to make it public if the demands are not met.

• Most Popular Android Trojans: Bitdefender telemetry throughout August 2022 discovered several Trojans targeting the Android mobile operating system. The most common strains were:

◦ Downloader.DN (41% of detections): Repackaged apps pulled from Google App Store and bundled with aggressive adware. Some adware downloads other malware variants.

◦ SMSSend.AYE (23%) – Malware that attempts to register itself as the default SMS application on first run by asking for user consent. If successful, it collects incoming and outgoing messages from the user and forwards them to a command and control (C&C) server.

◦ Agent.AQQ (16%) – A malware dropper that hides a malicious, encrypted payload in an application. If it is able to bypass the phone security, it decrypts and loads the payload.

• Top spoofed domains: The research also revealed trends in homograph attacks, where attackers misuse international domain names to create websites that have URLs very similar to popular sites. The most commonly encountered spoofed websites in August were:

◦ blockchain.com (29%)
◦ myetherwallet.com (15%)
◦ facebook.com (14%)

The full research is available here https://businessinsights.bitdefender.com/bitdefender-threat-debrief-september-2022.

GET READY FOR XCONF AUSTRALIA 2022

Thoughtworks presents XConf Australia, back in person in three cities, bringing together people who care deeply about software and its impact on the world.

Now in its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust discussion program as local thought leaders and Thoughtworks technologists share first-hand experiences and discuss new ways to empower teams, deliver great software, and drive innovation for technology responsible.

See how we at Thoughtworks are improving technology, together.

Tickets are available now and all proceeds will be donated to Indigitek, a non-profit organization that aims to create tech employment pathways for First Nations people.

Click the button below to register and get your ticket to the Melbourne, Sydney or Brisbane event

GET YOUR TICKET!