Multifunctional malware not designed for specific purposes, but flexible enough to perform almost any task, is becoming more widespread, a new report found.
The report is the result of an analysis of more than 150 malware families and their modifications circulating through 60,000 botnets around the world, said officials at Kaspersky Lab.
Using Kaspersky Lab’s Botnet Tracking technology, the company’s researchers continuously monitor botnet activity to prevent potential cyberattacks or to uncover and protect from a new type of banker Trojan. The technology works by emulating a compromised device, trapping the commands received from threat actors using the botnets to distribute malware, which provides the research team with valuable malware samples and statistics.
The most distinctive growth in the first half of 2018 was from malware of a versatile nature, in particular, Remote Access Tools (RAT) malware that provides almost unlimited opportunities for exploiting the infected PC. Since the beginning of 2017, the share of RAT files found among the malware distributed by botnets rose to 12.22 percent from 6.55 percent.
Njrat, DarkComet, and Nanocore topped the list of the most widespread RATs. Due to their relatively simple structure, the three backdoors can end up modified by experienced or inexperienced threat actors. This allows the malware to be adapted for distribution in a specific region.
The only type of single-purpose malicious programs to demonstrate impressive growth within botnet networks were miners. Even though their percent of registered files is not comparable to highly popular multifunctional malware, their share increased two-fold and this fits in the general trend of a malicious mining boom as seen earlier, Kaspersky researchers said.
In addition, Trojans did not demonstrate as much growth as RATs but, their share of detected files still increased from 32.89 percent in the second half of 2017 to 34.25 percent in the first half of 2018, the report found. Similar to the backdoors, one Trojan family can be modified and controlled by multiple command and control (C&C) servers, each with different purposes, for example, cyberespionage or the stealing of credentials.
“The reason why RATs and other multipurpose malware are taking the lead when it comes to botnets is obvious: botnet ownership costs a significant amount of money and in order to make a profit, criminals should be able to use each and every opportunity to get money out of malware,” said Alexander Eremin, security expert at Kaspersky Lab. “A botnet built out of multipurpose malware can change its functions relatively quickly and shift from sending spam to DDoS or to the distribution of banking Trojans. While this ability in itself allows the botnet owner to switch between different ‘active’ malicious business models, it also opens an opportunity for a passive income: the owner can simply rent out their botnet to other cybercriminals.”
To reduce the risk of turning your devices into part of a botnet, users are advised to:
• Patch the software on PCs as soon as security updates for the latest bugs uncovered are available. Unpatched devices can be exploited by cybercriminals and connected into a botnet.
• Avoid downloading pirated software and other illegal content. These can be used to distribute malicious bots.
• Use antivirus software to protect PC’s from being infected with any type of malware – including malware used for the creation of botnets.
Click her for the full version of the report.