Bitdefender has released its threat debrief for July and says the most prevalent of the 192 active ransomware families was WannaCry, which accounted for 42% of detections.
GandCrab came in second at 15% and Robin at 12% of detections.
Bitdefender telemetry throughout June also discovered multiple trojans targeting the Android mobile operating system. The most prevalent were:
- Downloader.DN at 54%. Repacked applications taken from Google App Store and bundled with aggressive adware. Some adware downloads other malware variants.
- Triada.LC at 10%. Malware that gathers sensitive information about a device (Device IDs, Subscriber IDs, MAC addresses) and sends them to a malicious C&C server. The C&C server responds by sending back a link to a payload which the malware downloads and executes.
- SMSSend.AYE at 8%. Malware that tries to register as the default SMS application on the first run by requesting the consent of the user. If successful, it collects the user’s incoming and outgoing messages and forwards them to a Command & Control (C&C) server.
- Banker.ZX at 6%. Applications that disguise themselves as banking apps and can imitate conversations with customer support. When the malware runs for the first time, it asks for permissions to access contacts, microphone, geolocation, and camera. Once the permissions are granted, the malware can receive commands from the C&C server to exfiltrate sensitive data from the phone.
Bitdefender says the research also uncovered trends in homograph attacks, where attackers abuse International Domain Names to create websites with very similar URLs to popular sites.
The most commonly encountered websites being spoofed were myetherwallet.com (23%), facebook.com (21%), paypal.com (12%), and gmail.com (10%).
Bitdefender says it also detected ransomware from 156 countries in its dataset. It says ransomware continues to be a threat that touches almost the entire world. The company says the top 10 countries are:
- United States
- United Kingdom
The Bitdefender Threat Debrief (BDTD) is a monthly series analyzing threat news, trends, and research from the previous month.
Bitdefender provides cybersecurity solutions and advanced threat protection to hundreds of millions of endpoints worldwide. More than 150 technology brands have licensed and added Bitdefender technology to their product or service offerings.
This vast OEM ecosystem complements telemetry data already collected from its business and consumer solutions. Bitdefender Labs discovers 400+ new threats each minute and validate 30 billion threat queries daily. The company says this gives it one of the industry’s most extensive real-time views of the evolving threat landscape.