ESET’s Top Five Malware Discoveries of 2019

Next story
Each year on November 3, ESET celebrates Antimalware Day, honoring Frederick Cohen, Ph.D. and Leonard Adleman, Ph.D., the academics who coined the term ‘computer virus’ back in 1983. The aim of Antimalware Day is to emphasise the importance of proactive countermeasures against malware, so as 2019 draws to a close, we thought it would be helpful to show just what we are up against.

With that in mind, let’s take a look at some of the most interesting malware that ESET has uncovered this year…

1. Machete
Machete is malware that has been used in cyber-espionage operations mostly in Venezuela, but also in Ecuador, Colombia, and Nicaragua. The operators use Machete as a tool for spear-phishing, predominantly targeting government organizations, such as the military, education, police, and foreign affairs. The group behind the activity hunts for files that describe navigation routes, stealing both common office files and specialized geographic files.

Machete is delivered through targeted emails to the victim, which often contain real documents that the group has stolen previously. These emails house a link or an attachment that unleashes the malware that, once running, is able to take screenshots, log keystrokes, access the clipboard, retrieve and encrypt files, and collect the victim’s geolocation.

2. Android/Filecoder.C
This ransomware, a notable discovery following a two-year decline in instances of Android ransomware, encrypts the files on a mobile device before demanding a payment in Bitcoin for their decryption. It is distributed via online forums, where attackers use posts and comments to attract victims to a domain containing Android files for download.

If downloaded, these malware files have the capacity to not only encrypt files, but also to send text messages to the victim’s contact list. These messages, used to further spread the malware, tell the recipients that an app possesses photos of them, encouraging them to click a link to resolve this situation.

3. Android/FakeApp.KP
This malware is used to phish for login credentials to BtcTurk, a Turkish cryptocurrency exchange. It was the first malware discovered that is able to circumvent restrictions brought in by Google in March that aim to protect SMS-based two-factor authentication (2FA). 2FA is a security measure used to verify a user’s identity as, for example, when a company sends you a one-time password via text.

Instead of intercepting SMS messages, which became harder for attackers thanks to Google’s new restrictions, this malware reads the notifications that appear on a device’s display in order to obtain the one-time passwords. The malware, which impersonates the BtcTurk app, is also able to dismiss notifications, meaning that the attacker can make fraudulent transactions without the victim receiving any notification.

4. Varenyky
Varenyky is malware that distributes various types of spam, specifically targeting people in France. In July, Varenyky launched a sextortion campaign, distributed through email attachments disguised as bill documents. If the victim enables macros in the document, the computer becomes compromised, and the attacker is able to record the user’s screen. The apparent aim of this malware is to obtain evidence of the victim watching pornographic content, which can then be used for extortion.

5. KRACK for Echo and Kindle
In October, ESET discovered that many Wi-Fi enabled devices, including Amazon Echo and at least one generation of Amazon Kindle, were still vulnerable to Key Reinstallation Attacks (KRACK). KRACK vulnerabilities, which exploit weaknesses in Wi-Fi networks, were discovered in 2017 by Mathy Vanhoef and Frank Piessens.

However, this recent revelation demonstrates that, two years down the line, KRACKs still pose a real threat. The vulnerabilities discovered allow attackers to target these Wi-Fi enabled devices in order to execute Denial of Service attacks, disrupt network communications, and intercept sensitive information such as passwords.

Now that you know a bit more about the types of malware we’re up against, head to www.eset.com to find out how you can stay protected against the latest threats.