‘McAfee Labs Threats Report’ Explores Malware Evasion Techniques, Digital Steganography, Password-Stealer Fareit

We got a little carried away in the McAfee Labs Threats Report: June 2017, published today. This quarter’s report has expanded to a rather hefty 83 pages! It contains three highly educational topics, in addition to the usual set of threats statistics:

  • We broadly examine evasion techniques and how malware authors use them to accomplish their goals. We discuss the more than 30-year history of evasion by malware, the underground market for off-the-shelf evasion technology, how several contemporary malware families leverage evasion techniques, and what to expect in the future, including machine-learning and hardware-based evasion.
  • We explore the very interesting topic of steganography in the digital world. Digital steganography hides information in benign-looking objects such as images, audio tracks, video clips, or text files. Of course, attackers use these techniques to move information past security systems. We explain how that happens in this key topic.
  • We deconstruct Fareit, the most famous password-stealing malware. We cover its origins, typical infection vectors, architecture and inner workings, how it has changed over the years, and how it was likely used in the breach of the Democratic National Committee before the 2016 U.S. Presidential election. Coincidentally, DocuSign reported that on May 15, customer email addresses were stolen and then used in a phishing campaign. Victims who clicked on the phishing links were infected with malware, one of which was Fareit. Read our technical analysis of the DocuSign attack.

Accompanying each of these key topics is a Solution Brief that goes into detail about how McAfee products can protect against these threats.

Here are some highlights from our extensive analysis of threats activity in Q1:

  • Malware: New malware samples rebounded in Q1 to 32 million. The total number of malware samples increased 22% in the past four quarters to 670 million samples.
  • Ransomware: New ransomware samples rebounded in Q1 primarily due to Congur ransomware attacks on Android OS devices. The number of total ransomware samples grew 59% in the past four quarters to 9.6 million samples. (We will discuss the WannaCry ransomware in our next quarterly report.)
  • Mobile malware: Reports from Asia doubled in Q1, contributing to a 57% increase in global infection rates. Total mobile malware grew 79% in the past four quarters to 16.7 million samples.
  • Incidents: We counted 301 publicly disclosed security incidents in Q1, an increase of 53% over Q4. The health, public, and education sectors comprised more than 50% of the total. 78% of all publicly disclosed security incidents in Q1 took place in the Americas.

Read the McAfee Labs Threats Report: June 2017.

Leave a Comment

17 − nine =