New Malware Variants Near Record-Highs: Symantec

The number of new malware variants that emerged in February 2017 was three times higher compared to January, nearly reaching the record-high levels registered in October 2016, Symantec reports.

Last month the security company registered 94.1 million malware variants, which marks a worrying increase when compared to the 32.9 million seen in January and only 19.5 million in December. Furthermore, Symantec’s Latest Intelligence for February 2017 reveals that the Kovter malware family is the driving force behind this uptick.

The rate of email malware increased as well, reaching one in 635 emails in February, up from one in 722 the previous month. Despite that, the overall email malware rates remain low compared to previous months, most probably as the result of “a lull in activity from the Necurs botnet which has been quiet since late last year,” Symantec says.

The global spam rate registered a very small drop of only 0.1 percentage points in February, reaching 53.7% from the 53.8% registered in January. The Construction sector was hit the most, with a 59.28% spam rate, followed very closely by the Mining sector at 59.27%.

The number of web attacks blocked in February was of 394,000 per day, down slightly from 419,000 in January, Symantec says. RIG remains the most active exploit kit, with 25% share (down from 28.9% in January), followed by SunDown at 14.5% (up from 8.1% in January), Magnitude at 4.6% (down from 6.1%), Angler at 0.6% (down from 0.9%), and Neutrino at 0.5% (down from 0.8%).

One of the most notable threats discussed in February was the destructive disk-wiping malware Shamoon, which is believed to have been used by actors conducting a much wider campaign in the Middle East. According to Symantec, Shamoon was used only against specific targets, although the group has been targeting a wider range of organizations.

The number of Android malware variants per family reached 60 last month, although no new malware family was discovered. New variants of the Android.Lockdroid.E family were found last month, one designed to use speech recognition APIs and to demand victims to speak the provided unlock code instead of typing it.

Phishing attacks decreased last month as well, reaching one in 8,246 emails, down from one in 3,271 in January. The phishing rate declined across all industries, the researchers say.

“While phishing rates declined last month, we also saw a new tactic being used by smartphone thieves who are now attempting to phish their victim’s login credentials in order to unlock stolen phones. Stolen high-end smartphones can earn criminals a lot of money, but only if they can gain access to them. This latest trick shows the lengths thieves are willing to go to get into a device,” Symantec reports.

Related: Kelihos Becomes King of the Malware Mountain

Related: The State of Malware: 1 Billion Samples Under the Microscope