MACBOOK USERS are increasingly being targeted by malware and backdoors, according to Malwarebytes' analysis of cyber crime and malware in the first quarter of 2017.
Chief among this surge in macOS threats is the FindZip Mac ransomware, for which even the developers don't have a decryption key, leaving users high and dry after ransom has been paid.
And while the Locky ransomware "dropped off the map", according to Malwarebytes, ransomware continued to surge, with the Cerber ransomware-as-a-service taking over as "the top dog" as far as distribution is concerned.
"It's spread is largely because the creators have not only developed a superior ransomware with military-grade encryption, offline encrypting, and a slew of new features, but by also making it very easy for non-technical criminals to get their hands on a customised version of the ransomware," warns the report.
Cerber has also adapted and evolved, which is why it now accounts for nine-in-ten of all ransomware infections, according to Malwarebytes. The sophistication of those techniques indicate the technical know-how of the people behind Cerber.
"Security vendor Trend Micro recently released its analysis of a new Cerber variant that not only attempts to evade anti-virus solutions that employ machine learning, but also detects if the malware is executing within a sandbox or virtual machine.
"Basically, this version of Cerber is distributed via phishing emails. These emails include a link to a Dropbox folder to download a self-extracting archive file that has three files inside, each one individually not very dangerous, but designed to work together to execute Cerber functionality," warns Malwarebytes.
In mobile, two particular malware families have been causing trouble on Android. HiddenAds.lck prevents users from being able to remove the app. It raises money for its creators by pumping out adverts. Jisut, meanwhile, is nastier and more expensive: the mobile ransomware family "has been spreading like wildfire", according to Malwarebytes.
Malicious spam campaigns have also started utilising password-protected zipped files and protected Office documents to evade auto-analysis sandboxes used by security researchers. There has also, this week, been a surge in malware bidding to take advantage of the newly publicised OLE [object, linking and embedding] security flaws in Microsoft Office - although this flaw was first discovered being exploited in the wild in January.
That includes, this week, an exploit that seeks to propagate the Dridex malware, which has been widely used in online banking scams.
In the current quarter, Malwarebytes anticipates that Cerber will continue to grow in terms of usage "due to new developments made to the malware design and its continued use of the ransomware as a service model".
"With the chaotic and dynamic nature of the cybercrime world, especially as observed over the last six months, we can expect a very interesting year and predict some serious changes with ransomware distribution and market share by the end of the summer," it said.
Indeed, ransomware doesn't just dominate the malware landscape, it continues to grow, accounting for just over 60 per cent of all malware distributed in March 2017, up by ten percentage points compared only to January. µ
Windows 10, 64-bit OS devices susceptible to rootkit attack
Malware suite likened to Stuxnet worm
Not the biggest fish out there
Redmond says figure is closer to the five million mark