Malware forecast for 2018: More ransomware, Android & Mac viruses

Get to know the malware forecast for 2018

Malware trends for 2018

A recent analysis by SophosLabs reveals the top security threats of 2017, which are likely to grow in 2018. This year, we have seen a rise in malicious cryptocurrency miners, at least three major global ransomware outbreaks (WannaCry, Petya, Bad Rabbit[1]), numerous malware variants on the Google Play Store, and a series of security vulnerabilities in Windows OS software.

2017 showed us that the cybercrime economy is growing so rapidly that it is becoming hard for inexperienced computer users to keep up with the latest tricks the crooks use. Nowadays, it is essential to install the latest updates and avoid any online content that looks even slightly suspicious.

If you want to stay safe on the Internet in 2018, be aware of these critical threats. It is also vital to stay in the know by following the latest malware trends, especially malware distribution techniques. We also suggest that you do not delay any software updates offered by your computer or mobile operating system provider.

Having the latest versions of the operating system and other software installed on your device helps to prevent cybercriminals from taking advantage of security vulnerabilities found in earlier versions.

Key malware trends of 2018

1. Ransomware

While Cerber and Locky dominated as the most dangerous ransomware viruses in the first quarter of 2017, their names faded into insignificance after the WannaCry, NotPetya/ExPetr, and Bad Rabbit ransomware outbreaks.

According to SophosLabs statistics, Cerber remains one of the most prolific file-encrypting malware families, accounting for 44.2% of the ransomware landscape. The global cyber attack of May 2017 pushed Cerber out of first place and secured the top position for the WannaCry ransomware virus, which accounted for 45.3% of all ransomware variants spotted on clients’ computers.

WannaCry owed its success to the EternalBlue exploit[2], which allowed the ransomware to spread through a vulnerability in the Server Message Block (SMB) protocol used by Windows computers.

The subsequent ransomware outbreak in June 2017 brought the NotPetya/ExPetr virus, known as a close copy of the previously known Petya ransomware. Its developers also took advantage of the EternalBlue exploit to abuse a security flaw in the SMB protocol and distribute the ransomware rapidly.

Finally, the third ransomware outbreak introduced Bad Rabbit ransomware, which is believed to be an updated variant of the NotPetya wiper virus. The malware mainly affected Russia and Ukraine, as it was distributed via dozens of compromised websites pushing a fake Adobe Flash Player update.

Besides, security experts point out that the growth of the ransomware threat is directly influenced by ransomware-as-a-service. Cybercriminals have recently realized that they could turn their illegal activities into a well-paying business by allowing other criminals to use their virtual extortion tools or boost their distribution across the globe.

Therefore, nowadays scammers do not even have to know how to code – they can join ransomware affiliate schemes and start generating revenue right away.

2. Android virus

In 2017, Google Play Store failed to prove that it can fix its security systems and protect its users from malicious applications. We’ve seen numerous cases of malware on the official Android app store, and while all of the dangerous apps were taken down rapidly, they still managed to infect thousands of devices worldwide. Some of the compromised applications even contained malicious Monero-mining scripts.[3]

However, even more severe malware hides in applications downloaded from shady Internet sources. DoubleLocker ransomware, LokiBot, GhostClicker, and Sockbot are just a few examples of threats that target Android OS users daily.

Probably the most worrying fact is that out of all 10 million shady Android apps processed by SophosLabs, the majority (77%) turned out to be malicious. The remaining 23% are potentially unwanted applications.

3. Malware that targets Mac OS X

For many years, people believed that Macs were not vulnerable to malware. However, even though Macs are less popular than Windows computers, cybercriminals have already started creating malware and spyware for this operating system as well. So far, the only good news is that there are currently more potentially unwanted applications and spyware variants than severe malware for Macs. However, that doesn’t mean that hackers won’t create critical viruses for OS X users in the future.

Researchers report that the most active annoyances for Mac users are Advanced Mac Cleaner, TuneUpMyMac, Genieo[4], and SpiGot software. Speaking of more dangerous viruses, we must mention Mac ransomware such as MacRansom and MacSpy.

4. Windows threats

Finally, the fourth key threat is vulnerabilities in Microsoft Windows. Researchers share a list of the most exploited vulnerabilities in 2017:

  • CVE-2017-0199 (36%)[4];
  • CVE-2012-0158 (32%);
  • CVE-2016-7193 (10%);
  • CVE-2015-1641 (7%);
  • CVE-2011-0611 (4%);
  • Others (11%).

The majority of these vulnerabilities are critical because they allow cybercriminals to execute code on a victim’s computer remotely. To put it simply, hackers can take advantage of these weaknesses and use them to install malicious programs on an unprotected system.

Protecting your computer from malware in 2018

Computer users are advised to follow these general security tips to avoid rampant malware variants in 2018:

  • Keep all your programs up-to-date. However, remember that you must install software updates from official software developers’ sites only. For instance, fake updates of well-known software such as Flash Player can infect your PC with malware like Bad Rabbit.
  • Keep track of the latest Microsoft security patches and install the updates as soon as they become available.
  • Use security software with a real-time protection feature.
  • Create a data backup.
  • Never open email attachments if you do not know the sender personally or if you did not expect to receive a message from him/her.
  • Never enable the Macros function[5] in Microsoft Office documents you receive unless you are 100% sure that the file is safe. We highly recommend scanning such files with security software first.
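
To go with the last tip, here is an added example (not part of the original article or of any SophosLabs tooling) that checks whether an Office file carries macros before anyone opens it, judging by content rather than by file extension. The function names and the sample files are constructed for illustration.

```python
import io
import zipfile

# Magic bytes of the legacy OLE2 container (.doc/.xls/.ppt).
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def classify_office_file(data: bytes) -> str:
    """Return 'macro', 'no-macro', 'legacy-ole' or 'not-office'.

    Looks at file content only, so a misleading extension does not matter.
    """
    if data.startswith(OLE_MAGIC):
        # Old binary format: macros cannot be ruled out without an OLE parser.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"  # a ZIP, but not an Office Open XML package
        # A VBA project is stored as a part named vbaProject.bin.
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return "macro"
        # Macro-enabled packages also declare a macroEnabled content type.
        types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        if "macroenabled" in types.lower():
            return "macro"
    return "no-macro"


def build_sample(parts: dict) -> bytes:
    """Build a constructed in-memory package for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples, not real documents.
CLEAN = build_sample({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w/>"})
WITH_MACRO = build_sample({"[Content_Types].xml": "<Types/>",
                           "word/document.xml": "<w/>",
                           "word/vbaProject.bin": b"\x00"})

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("macro", WITH_MACRO)]:
        print(label, "->", classify_office_file(blob))
```

A "macro" result only means the file contains macros, not that they are malicious, and a "legacy-ole" result means the old binary format needs a deeper scan by security software.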
About the author
Lucia Danes - Virus researcher

Lucia is a News Editor for 2spyware. She has a long experience working in malware and technology fields.
