A Whale of a Tale: HummingBad Returns

 
Check Point researchers have found a new variant of the HummingBad malware hidden in more than 20 apps on Google Play. The infected apps in this campaign were downloaded several million times by unsuspecting users. Check Point informed the Google Security team about the apps, which were then removed from Google Play. This new variant, dubbed ‘HummingWhale,’ includes new, cutting-edge techniques that allow it to perform ad fraud better than ever before. HummingBad is a malware first discovered by Check Point on customers’ devices in February 2016. HummingBad stands out as an extremely sophisticated and well-developed malware, which employed a ...

October’s ‘Most Wanted’ Malware List Shows Attacks on the Rise

 
Check Point’s Threat Intelligence Research Team revealed today that the number of malware attacks increased in October, as the company released its monthly Global Threat Index, a ranking of the most prevalent malware families attacking organizations’ networks. The team found that both the number of active malware families and number of attacks increased by 5% during the period, pushing the number of attacks on business networks to near peak levels, as seen earlier this year. Locky ransomware attacks continued to rise, moving it up from third to second place, while the Zeus banking trojan moved up two spots, returning it to the top three. The reason for Locky’s continued growth is ...

September’s ‘Most Wanted’ Malware List: Ransomware in Top 3 for First Time

 
The Check Point Research Team revealed this week that ransomware attacks continued to rise in September. For the first time since the team launched the Threat Index, ransomware moved into the top three position of the most prevalent malware, with the Locky ransomware accounting for 6 percent of all recognized attacks globally during the month. The relative presence of ransomware attacks, within the total number of global attacks, increased by 13 percent. In line with recent trends, the number of active malware families remained high, with three new entries making the top ten, including Chanitor, a downloader for malicious payloads, the Blackhole exploit kit, and Nivdort, a multipurpose bot. ...

Top 10 Most Wanted Malware

 
Check Point Software Technologies today published its latest Threat Index, revealing the number of active malware families increased by nearly two-thirds in the first half of 2016, led by the number of threats to business networks and mobile devices. During June, Check Point detected 2,420 unique and active malware families attacking business networks, a 61 percent increase compared with January 2016 and a 21 percent increase since April. The continued rise in the number of active malware variants once again highlights the wide range of threats organizations’ networks face, and the scale of the challenges security teams must overcome to prevent an attack on their business-critical ...

DIY Attribution, Classification, and In-depth Analysis of Mobile Malware

 
The security research community has been dealing with malware attribution and classification for decades. The benefits of this process for PC-based malware are myriad and well known. Check Point has followed the same process for multiple malware campaigns during the last year, including Volatile Cedar, Rocket-Kitten, and the Nuclear Exploit Kit. In fact, the PC malware research field is so mature that many security-savvy enterprises now have their own internal teams of cyberanalysts. These teams conduct in-depth malware research as part of their incident response and threat intelligence duties with a focus on their organization’s specific needs, domains, and adversaries. However, ...

From HummingBad to Worse: New In-Depth Details and Analysis of the HummingBad Android Malware Campaign

 
For five months, Check Point mobile threat researchers had unprecedented access to the inner workings of Yingmob, a group of Chinese cyber criminals behind the HummingBad malware campaign. HummingBad is a malware Check Point discovered in February 2016 that establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps. Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technology. The group is highly organized with 25 employees that staff four separate groups responsible for developing HummingBad’s malicious components. Download our report “From HummingBad to Worse” ...

Top 10 Most Wanted Malware

 
Today Check Point published its Threat Index for May, revealing the number of active global malware families increased by 15 percent. Last month Check Point detected 2,300 unique and active malware families attacking business networks. It was the second month running Check Point observed an increase in the number of unique malware families, having previously reported a 50 percent increase from March to April. The continued rise in the number of active malware variants highlights the wide range of threats and scale of challenges security teams face in preventing an attack on their business-critical information. In May, Conficker was the most prominent family accounting for 14 percent of ...