Malware is ‘more cunning, sophisticated, and much harder to detect’, says threat intelligence team Comodo.

The use of trojans in targeted malware campaigns increased significantly around the world in Q2 allowing for malicious actors to go relatively undetected, according to the team at Comodo Cybersecurity.

In its latest report documenting the digital threat landscape over the past three months, Comodo detected 400 million “unique malware samples” – a change from the heavy concentration on cryptominers, which had overtaken ransomware in incidents logged in Q1.

The surge and diversity in trojans, found to be most predominate in Germany, further contributed to a rise in malware overall with trojans able to efficiently and covertly spread other types of ill intended software, whether for stealing credentials or taking over entire networks.

Cybercriminals, the report found, were typically interested in sensitive information, particularly as consumers conduct financial transactions via mobile devices at an increasing rate.

Popular trojans included in the report are the TrojWare.Win32.Agent, which infiltrates a user’s computer to download malware from a malicious server, and TrojWare.JS.Clickjack, where a user is tricked into clicking on hidden links and is redirected to a malicious website.

Fatih Orhan, VP of Comodo Cybersecurity Threat Research Labs, said: “Trojans have always been a prevalent and dangerous threat, but their evolution in Q2 is particularly interesting as they are now able to hide for longer periods of time and persist, despite the efforts of some of the most efficient AV [antivirus] solutions on the market.”

He added: “Q2 has by far displayed the most sophisticated variants of trojan malware we have ever discovered.”

Trojans may have taken the spotlight with 51.2% recorded throughout 237 countries, but other offensive tactics were deployed in good measure including viruses (12.9%) and worms (6.7%).

Russia, Turkey, and India were countries noted to have the highest number of worm infections, whereas the UK had the highest proportion of vulnerable devices via a backdoor entry. The majority of viruses were detected to be coming from Ukraine and Russia, respectively.

And while cryptomining decreased, malware became better at hiding and adapting, cutting through cyber defenses primarily through phishing emails.

Comodo said: “Our findings show that malware is becoming more cunning in delivery method, sophisticated in persistence and much harder to detect by antivirus software.

“Propagation of fileless malware, the evolution of cryptominers, and using legitimate tools like PowerShell to attack are clear evidence of this uptick in sophistication.”

The quarterly analysis by Comodo aims to help steer the cybersecurity sector to practice better data hygiene for both developers and end-users, allowing them to predict where future threats may lie.


RELATED: Emotet evolves to deliver new malware strains globally