Kaspersky Labs has revealed that financial malware rose 15.6% from Q1 to Q2 during this year, which it believes is partly due to two leading trojan authors joining forces.
Financial malware is evolving through a collaboration between malware creators, according to the results of Kaspersky Lab’s IT threat evolution Report for Q2. During the quarter Kaspersky Lab products blocked 1,132,031 financial malware attacks on users, a rise of 15.6% compared to the previous quarter. One of the reasons for the rise is the collaboration between the authors of two leading banking Trojans: Gozi Trojan and Nymaim Trojan, pushing both into the top 10 ranking of financial malware.
Banking Trojans remain the most dangerous online threats. These malware are often propagated via compromised or fraudulent websites and spam emails and, after infecting users mimic an official online banking page in an attempt to steal users’ personal information, such as bank account details, passwords, or payment card details.
According to the Kaspersky Lab statistics for the quarter, Turkey became the country most attacked by this type of malware: 3.45% of Kaspersky Lab product users in the country encountered such an online threat during the quarter. Russia was in second place, the target of 2.9% of online threats, followed by Brazil with 2.6%. The Olympic Games are likely to push Brazil up the attack list in Q3.
The main culprits were the Gozi and Nymaim banking Trojans, with the authors of both joining forces. The Nymain Trojan was initially designed as ransomware, blocking access to users’ valuable data and then demanding a ransom to unblock it. However, the latest version includes banking Trojan functionality from Gozi source code that provides attackers with remote access to victims’ PCs. Additional, and apparently also joint efforts have been put into the distribution of this malware and this cooperation pushed both into the top 10 financial malware rating. Gozi took second place with 3.8% of users whose security software triggered a financial malware detection, while Nymaim took sixth place with 1.9%. The list of financial malware continues to be led by Zbot. 15.17% of those hit by financial malware were attacked with this Trojan.
“Financial malware are still active and developing rapidly. New banking Trojans have significantly extended their functionality by adding new modules, such as ransomware. If criminals do not succeed in stealing users’ personal data, they will encrypt it and demand a ransom. Yet another example is the Neurevt Trojan family. This malware was used not only to steal data in online banking systems, but also to send out spam. We at Kaspersky Lab are responding to this situation by expanding and sharpening the way we detect and classify financial malware – so that we can block it even faster,” notes Denis Makrushin, Security expert at Kaspersky Lab.
Samsung unfolds the future
At the #Unpacked launch, Samsung delivered the world’s first foldable phone from a major brand. ARTHUR GOLDSTUCK tried it out.
Everything that could be known about the new Samsung Galaxy S10 range, launched on Wednesday in San Francisco, seems to have been known before the event.
Most predictions were spot-on, including those in Gadget (see our preview here), thanks to a series of leaks so large, they competed with the hole an iceberg made in the Titanic.
The big surprise was that there was a big surprise. While it was widely expected that Samsung would announce a foldable phone, few predicted what would emerge from that announcement. About the only thing that was guessed right was the name: Galaxy Fold.
The real surprise was the versatility of the foldable phone, and the fact that units were available at the launch. During the Johannesburg event, at which the San Francisco launch was streamed live, small groups of media took turns to enter a private Fold viewing area where photos were banned, personal phones had to be handed in, and the Fold could be tried out under close supervision.
The first impression is of a compact smartphone with a relatively small screen on the front – it measures 4.6-inches – and a second layer of phone at the back. With a click of a button, the phone folds out to reveal a 7.3-inch inside screen – the equivalent of a mini tablet.
The fold itself is based on a sophisticated hinge design that probably took more engineering than the foldable display. The result is a large screen with no visible seam.
The device introduces the concept of “app continuity”, which means an app can be opened on the front and, in mid-use, if the handset is folded open, continue on the inside from where the user left off on the front. The difference is that the app will the have far more space for viewing or other activity.
Click here to read about the app experience on the inside of the Fold.
Password managers don’t protect you from hackers
Using a password manager to protect yourself online? Research reveals serious weaknesses…
Top password manager products have fundamental flaws that expose the data they are designed to protect, rendering them no more secure than saving passwords in a text file, according to a new study by researchers at Independent Security Evaluators (ISE).
“100 percent of the products that ISE analyzed failed to provide the security to safeguard a user’s passwords as advertised,” says ISE CEO Stephen Bono. “Although password managers provide some utility for storing login/passwords and limit password reuse, these applications are a vulnerable target for the mass collection of this data through malicious hacking campaigns.”
In the new report titled “Under the Hood of Secrets Management,” ISE researchers revealed serious weaknesses with top password managers: 1Password, Dashlane, KeePass and LastPass. ISE examined the underlying functionality of these products on Windows 10 to understand how users’ secrets are stored even when the password manager is locked. More than 60 million individuals 93,000 businesses worldwide rely on password managers. Click here for a copy of the report.
Password managers are marketed as a solution to eliminate the security risks of storing passwords or secrets for applications and browsers in plain text documents. Having previously examined these and other password managers, ISE researchers expected an improved level of security standards preventing malicious credential extraction. Instead ISE found just the opposite.
Click here to read the findings from the report.