While reports of new malware attacks appear every day, the number of new malware samples detected in the wild over the course of the last year actually decreased, according to a recent report. A decline in the number of malware strains may sound like an improvement, but the data, shared in the annual AV-Test Security Report published by the IT-Security Institute, isn't all good news: the malware that does persist is more sophisticated than ever. The AV-Test data counted 127.5 million malware samples in 2016, nearly 12 million fewer than the 144 million samples discovered over the course of 2015, a 14 percent year-over-year decline in detections. Unfortunately, that drop-off comes down from a previous record high for malware detection.
Home routers have become the rats to hackers' bubonic plague: an easily infected, untreated and ubiquitous population through which dangerous digital attacks can spread. Now security researchers are warning that one group of sophisticated hackers has amassed a collection of malware-infected routers that could be used as a powerful tool to spread havoc across the internet, or simply triggered to cripple networks across the world. On Wednesday, Cisco's Talos security division warned of a new strain of malware it calls VPNFilter, which it says has infected at least half a million home and small-business routers from Netgear, TP-Link, Linksys and MikroTik, as well as QNAP network storage devices. Talos believes the versatile code is designed to serve as a multipurpose spy tool, and that it also creates a network of hijacked routers that act as unwitting VPNs, potentially hiding the attackers' origin as they carry out other malicious activity. Perhaps most disturbingly, the researchers note that the tool also has a destructive feature that would allow the hackers behind it to corrupt the firmware of the entire collection of hacked routers at once, essentially bricking them.
The internet security company Malwarebytes just released its "State of Malware" report for the latter half of 2016. Highlights about the global distribution of malware are presented in this article. Information about specific malware threats can be found in a companion piece about the malware threat landscape. Interested readers are encouraged to read the complete report. The Malwarebytes report is based on data collected from June to November 2016.
Security researchers have discovered a new Android Remote Access Trojan (RAT) that can steal a great deal of information from infected devices. Dubbed KevDroid, the mobile threat can steal contacts, messages and phone history, and can also record phone calls, Talos reports. Two variants of the malware have been identified so far. One of the variants exploits CVE-2015-3636 to gain root access, but both implement the same call-recording capability, taken from an open-source project on GitHub. Once it has infected a device, the first KevDroid variant can gather and exfiltrate information such as installed applications, phone number, the phone's unique ID, location, stored contacts, stored SMS messages, call logs, stored emails and photos.
In this paper, we present a comparative analysis of benign and malicious Android applications based on static features. In particular, we focus our attention on the permissions requested by an application. We consider both the binary classification problem (malware versus benign) and the multiclass problem, in which we classify malware samples into their respective families. Our experiments are based on substantial malware datasets, and we employ a wide variety of machine learning techniques, including decision trees and random forests, support vector machines, logistic model trees, AdaBoost, and artificial neural networks. We find that permissions are a strong feature and that, by careful feature engineering, we can significantly reduce the number of features needed for highly accurate detection and classification.
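The following is an added illustration of the permission-based approach the abstract describes; it is not code from the paper or its authors. It turns each app's requested-permission set into binary features, ranks permissions by information gain for either the binary (malware versus benign) or the multiclass (family) task, and trains a classifier on only the top-k permissions, which is one concrete way to do the feature reduction the abstract mentions. The dataset is constructed and tiny, the family labels `famA` and `famB` are hypothetical, and the classifier is a Bernoulli naive Bayes stand-in (the paper uses decision trees, random forests, SVMs and other models); information gain as the ranking criterion is likewise an assumption, since the paper does not say how it engineered its features.

```python
"""Permission-based Android malware classification on a constructed toy dataset.

Added example, not from the paper. Features are binary "permission requested"
indicators; permissions are ranked by information gain and a Bernoulli naive
Bayes classifier is trained on the top-k. Family names famA/famB are hypothetical.
"""
import math
from collections import Counter, defaultdict

# Constructed training set: (set of requested permissions, label).
TRAIN = [
    ({"INTERNET", "ACCESS_NETWORK_STATE"}, "benign"),
    ({"INTERNET", "ACCESS_NETWORK_STATE", "WRITE_EXTERNAL_STORAGE"}, "benign"),
    ({"INTERNET", "CAMERA", "WRITE_EXTERNAL_STORAGE"}, "benign"),
    ({"INTERNET", "ACCESS_FINE_LOCATION", "ACCESS_NETWORK_STATE"}, "benign"),
    ({"ACCESS_NETWORK_STATE", "WRITE_EXTERNAL_STORAGE"}, "benign"),
    ({"INTERNET", "READ_CONTACTS", "ACCESS_NETWORK_STATE"}, "benign"),
    ({"INTERNET", "SEND_SMS", "RECEIVE_SMS", "READ_PHONE_STATE"}, "famA"),
    ({"INTERNET", "SEND_SMS", "RECEIVE_SMS", "RECEIVE_BOOT_COMPLETED"}, "famA"),
    ({"SEND_SMS", "RECEIVE_SMS", "READ_PHONE_STATE", "RECEIVE_BOOT_COMPLETED"}, "famA"),
    ({"INTERNET", "SEND_SMS", "READ_PHONE_STATE", "INSTALL_PACKAGES"}, "famA"),
    ({"INTERNET", "READ_CONTACTS", "RECORD_AUDIO", "READ_SMS"}, "famB"),
    ({"INTERNET", "RECORD_AUDIO", "READ_SMS", "ACCESS_FINE_LOCATION", "READ_PHONE_STATE"}, "famB"),
    ({"INTERNET", "READ_CONTACTS", "RECORD_AUDIO", "ACCESS_FINE_LOCATION", "RECEIVE_BOOT_COMPLETED"}, "famB"),
    ({"READ_CONTACTS", "RECORD_AUDIO", "READ_SMS", "READ_PHONE_STATE"}, "famB"),
]

# Constructed held-out set used to measure accuracy.
TEST = [
    ({"INTERNET", "ACCESS_NETWORK_STATE", "CAMERA"}, "benign"),
    ({"INTERNET", "SEND_SMS", "RECEIVE_SMS", "READ_PHONE_STATE", "RECEIVE_BOOT_COMPLETED"}, "famA"),
    ({"INTERNET", "READ_CONTACTS", "RECORD_AUDIO", "READ_SMS", "ACCESS_FINE_LOCATION"}, "famB"),
    ({"INTERNET", "WRITE_EXTERNAL_STORAGE", "ACCESS_FINE_LOCATION"}, "benign"),
]


def binary_label(label):
    """Collapse family labels to the malware-versus-benign task."""
    return "benign" if label == "benign" else "malware"


def family_label(label):
    """Keep family labels as-is for the multiclass task."""
    return label


def entropy(labels):
    """Shannon entropy (bits) of a list of class labels; 0 for an empty list."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def information_gain(samples, perm, task):
    """Entropy reduction from splitting samples on whether `perm` is requested."""
    n = len(samples)
    all_labels = [task(lbl) for _, lbl in samples]
    with_p = [task(lbl) for perms, lbl in samples if perm in perms]
    without = [task(lbl) for perms, lbl in samples if perm not in perms]
    cond = len(with_p) / n * entropy(with_p) + len(without) / n * entropy(without)
    return entropy(all_labels) - cond


def rank_permissions(samples, task):
    """All permissions seen in `samples`, most informative first (ties alphabetical)."""
    vocab = sorted(set().union(*(perms for perms, _ in samples)))
    return sorted(vocab, key=lambda p: information_gain(samples, p, task), reverse=True)


class BernoulliNB:
    """Naive Bayes over binary permission features with Laplace smoothing."""

    def __init__(self, features):
        self.features = features
        self.prior = {}                  # P(class)
        self.cond = defaultdict(dict)    # cond[class][perm] = P(perm requested | class)

    def fit(self, samples, task):
        counts = Counter(task(lbl) for _, lbl in samples)
        for label, n in counts.items():
            self.prior[label] = n / len(samples)
            for f in self.features:
                present = sum(1 for perms, lbl in samples if task(lbl) == label and f in perms)
                self.cond[label][f] = (present + 1) / (n + 2)   # add-one smoothing
        return self

    def predict(self, perms):
        """Return the class with the highest log posterior for a permission set."""
        best, best_lp = None, -math.inf
        for label, prior in self.prior.items():
            lp = math.log(prior)
            for f in self.features:
                p = self.cond[label][f]
                lp += math.log(p if f in perms else 1.0 - p)
            if lp > best_lp:
                best, best_lp = label, lp
        return best


def evaluate(task, k):
    """Train on the top-k ranked permissions for `task`; return accuracy on TEST."""
    feats = rank_permissions(TRAIN, task)[:k]
    clf = BernoulliNB(feats).fit(TRAIN, task)
    correct = sum(clf.predict(perms) == task(lbl) for perms, lbl in TEST)
    return correct / len(TEST)


if __name__ == "__main__":
    for name, task, k in (("binary", binary_label, 5), ("family", family_label, 6)):
        print(name, "top features:", rank_permissions(TRAIN, task)[:k])
        print(name, "accuracy with", k, "features:", evaluate(task, k))
```

On this toy data the ranking already shows the point of the abstract: the binary task is driven by a handful of permissions (a normal connectivity permission on the benign side, SMS, telephony-state and audio permissions on the malware side), while the family task promotes the permissions that separate the two hypothetical families from each other, so the two tasks want different small feature sets.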