ESET celebrates Antimalware Day

Today, we celebrate Antimalware Day, founded by ESET two years ago, to honor the visionary work of Fred Cohen, Ph.D. and his advisor, Professor Len Adleman PhD., which laid the cornerstone for future research into computer threats.

ESET is marking this year’s celebration by taking a look at some of the most pertinent malware discoveries of the year 2019, in order to emphasize the importance of taking proactive countermeasures against malware and of implementing cybersecurity best practices.

Machete is malware that has been used in cyberespionage operations primarily in Venezuela, but also in Ecuador, Colombia, and Nicaragua. The operators use Machete as a tool for spearphishing, predominantly targeting government organizations, such as the military, education, police, and foreign affairs. Once the malware is unleashed via email, it can take screenshots, log keystrokes, access the clipboard, retrieve and encrypt files, and collect the victim’s geolocation.

Discovered after a two-year decline in instances of Android ransomware, Android/Filecoder.C encrypts the files on a mobile device before demanding a payment in Bitcoin for their decryption. Distributed via online forums, these malware files have the capacity to not only encrypt files, but to also send text messages to the victim’s contact list.

This malware is used to phish for login credentials to BtcTurk, a Turkish cryptocurrency exchange. It was the first malware discovered that is able to circumvent restrictions brought in by Google in March 2019, which aimed to strengthen SMS-based two-factor authentication (2FA). Instead of intercepting SMS messages, which became harder for attackers thanks to Google’s new restrictions, this malware reads the notifications that appear on a device’s display in order to obtain the one-time password.

In July, Varenyky launched a sextortion campaign in France, distributed through spam email attachments disguised as bill documents. Once the victim enables macros on the attached document, the computer becomes compromised, and the attacker is able to record the user’s screen. The apparent aim of this malware is to obtain evidence of the victim watching pornographic content, which can then be used for extortion.

5.KRACK for Echo and Kindle
In January 2019, after more than a year of extensive additional research, ESET reported that many Wi-Fi enabled devices, including Amazon Echo and at least one generation of Amazon Kindle, were still vulnerable to Key Reinstallation Attacks, or KRACK(s), two years after the initial discovery. The vulnerabilities allowed attackers to execute Denial of Service attacks, disrupt network communications, and intercept sensitive information such as passwords.