Global Malware Trends Q2 2017: ransomware, mobile malware, and banking Trojans

Global Malware Trends Q2 2017: ransomware, mobile malware, and banking Trojans snapshot

Ransomware takes the top position in the most prevalent malware list

2017 is certainly a successful year for cyber criminals. Statistics shared by several security companies show that malware activity has significantly increased if compared to 2016. Although each company provided slightly different numbers, it is clear what malware types were the most prevalent in the second quarter of 2017.

Not surprisingly, ransomware takes the top positions in the most prevalent desktop malware charts. There is no doubt that WannaCry and NotPetya outbreaks helped to push this malware category to the top. According to Check Point, the most prevalent ransomware globally are:

Surprisingly, none of the ransomware charts include Petya/NotPetya. According to experts, NotPetya’s attack was localized and affected fewer computers than WannaCry did.

Kaspersky shared a slightly different report. The security company lists these ransomware variants as the most prevalent ones: WannaCry, Locky, Cerber, Jaff, ACCDFISA, Spora, ExPetr, Shade, Globe Imposter.

Security experts agree that the most popular techniques to spread these viruses remained the same – it is email spam, exploit kits. The majority of ransomware gets downloaded and executed by Macros in Word documents or PowerShell scripting tools.

Top mobile malware of Q2 2017

Check Point has also shared their insights on mobile malware. According to them, the list of most active mobile threats looks like this:

  • Hiddad (10%);
  • HummingBad (8%);
  • Triada (7%);
  • Lotoor (7%);
  • Ztorg (6%);
  • XcodeGhost (5%);
  • Other (57%).

We are not surprized to see HummingBad in the chart – the malware managed to get onto Google Play Store in the past, which obviously accelerated its distribution. According to Kaspersky, the most affected countries were Iran, China, and Bangladesh, followed by Indonesia and Algeria.

The most prevalent banking malware chart

Another highly active malware family was banking trojans. Check Point shared some graphs illustrating which of the viruses were the most prevalent on a global scale:

These banking malware variants are not new – especially Zeus. This infamous virus is active since 2007. The virus dominates in all world’s regions without an exception.

Some more facts from the reports

Reports prepared by security experts reveal even more interesting facts about the growth of malware and cybercrime.

  • According to Checkpoint, the line between adware and malware fades – Fireball malware is a perfect example for that. The security firm claims that it was the second most prevalent malware globally in Q2 2017 after RoughTed;
  • Proofpoint confirmed that ransomware was the main payload found in 68% malicious emails containing malware;
  • Exploit kits are one of the main tools used to spread ransomware. Apparently, RIG exploit kit is the most used one;
  • Kaspersky Lab shared an interesting fact: the main hosts for malware are located in US and Netherlands.