SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Bitdefender report identifies top trojans targeting Android
Tue, 30th Aug 2022

Bitdefender has released important data from its August Bitdefender Threat Debrief (BDTD), a monthly series analysing threat news, trends, and research from the previous month.

The company analysed the top 10 trojans targeting Android in its research for July.

Downloader.DN covers repacked applications taken from the Google App Store and bundled with aggressive adware. According to Bitdefender, this was the most prominent trojan targeting Android at 43%.

In second place was SMSSend.AYE at 33%, malware that tries to register as the default SMS application on the first run by requesting the user's consent.

The company also released a Ransomware Report as part of its Debrief research, analysing malware detections collected throughout July 2022 from its static anti-malware engines.

The report counts ransomware detections rather than infections, and tallies total cases rather than weighing the financial impact of each infection.

Bitdefender's latest research has found 205 ransomware families active in the month of July.

This figure shifts each month depending on the most up-to-date ransomware campaigns in different countries.

In July 2022, WannaCry was the most widely detected ransomware family, making up 37%, with Robin ranking second at 20%.

Bitdefender detected ransomware from 151 countries in its dataset this month, noting that ransomware continues to pose a global threat, leaving few places unaffected.

In addition, Bitdefender found that most ransomware attacks continue to be opportunistic, and the population size correlates with the number of detections.

This is evident in the US, which suffered the biggest ransomware impact, comprising 24% of overall detections, followed by Brazil at 17% and India at 14%.

Homograph attacks abuse international domain names (IDN): threat actors create international domain names that visually spoof a target domain name.

Moreover, a 'target' of IDN homograph phishing attacks refers to the domain threat actors are trying to impersonate.

Bitdefender found that blockchain.com was by far the most common target, accounting for 58% of attacks, with facebook.com, binance.com, paypal.com, and gmail.com among the other targets.
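A defender can screen newly observed domains for this kind of spoofing by decoding any Punycode (`xn--`) labels and folding look-alike characters back to ASCII before comparing against a list of protected names. The sketch below is an added example, not code from Bitdefender or from the report; the confusables table is a small constructed subset, the sample domains are constructed, and the function names are hypothetical.

```python
import unicodedata

# Impersonation targets named in the article.
PROTECTED = {"blockchain.com", "facebook.com", "binance.com", "paypal.com", "gmail.com"}

# Constructed subset of look-alike characters (assumption: a production check
# would load the full Unicode confusables data instead of this short table).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u043a": "k", "\u04cf": "l", "\u0501": "d", "\u0261": "g", "\u03bf": "o",
    "\u0251": "a", "\u0131": "i",
}

def to_unicode(domain):
    """Decode xn-- (Punycode) labels so the visible form can be inspected."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep it undecoded
        labels.append(label)
    return ".".join(labels)

def skeleton(domain):
    """Fold look-alike characters and strip accents to an ASCII skeleton."""
    out = []
    for ch in to_unicode(domain):
        ch = CONFUSABLES.get(ch, ch)
        decomposed = unicodedata.normalize("NFKD", ch)
        out.append("".join(c for c in decomposed if not unicodedata.combining(c)))
    return "".join(out)

def impersonated_target(domain):
    """Return the protected domain this name imitates, or None."""
    if to_unicode(domain) in PROTECTED:
        return None  # the genuine domain itself
    skel = skeleton(domain)
    return skel if skel in PROTECTED else None

def ace(label):
    """Build a constructed xn-- sample label from its Unicode form."""
    return "xn--" + label.encode("punycode").decode("ascii")

if __name__ == "__main__":
    # Constructed samples: Cyrillic look-alike, genuine name, unrelated IDN.
    for name in (ace("p\u0430ypal") + ".com", "binance.com", ace("m\u00fcnchen") + ".de"):
        print(name, "->", impersonated_target(name))
```

A skeleton match is a triage signal for mail, proxy or DNS logs rather than a verdict, and names that mix scripts within a single label are worth flagging even when they match no protected domain.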

This month's Threat Debrief comes after Bitdefender released research about a new Google Play campaign that bypasses the storefront's security checks to deliver potentially malicious content and advertisements.

Once a user downloads these apps, they work to remain on devices by changing names, switching icons, and taking further steps to remain hidden.

In particular, these apps will change their icon and name to pretend to be the phone's 'Settings' app.

One of the key findings in Bitdefender's research, 'Real-Time Behavior-Based Detection on Android Reveal Dozens of Malicious Apps on Google Play Store', is that 35 apps on the Google Play Store are using techniques to bypass storefront security checks to spread potentially harmful content and advertisements.

Further, based on public numbers, these 35 apps equate to approximately two million downloads. A single app that Bitdefender discovered in this campaign had 100,000 downloads, with the others having tens of thousands.

Bitdefender's research also concludes that the campaign is likely the work of the same developer or threat actor.