Advanced Threats

Learn how best to defend against today’s newest and most dangerous malware, from script malware and mobile threats to worms and coinminers.


Malware

Classic malware comes in many forms, from the common trojan that hides its malicious intent to the elusive worm that can spread through an entire company network. There are many types of malware, and attack vectors vary widely. Malicious files are traditionally delivered by email spam; however, drive-by downloads and malvertisements have established themselves as dangerous threat sources as well.

In most cases, the initial malware file has only one purpose: to side-load additional malware onto the breached system.

Characteristics

Spread: Very common
Damage on infection: Varying
Typical infection source: E-mail, web downloads
Famous examples: Emotet, Ryuk

Mobile threats

Android and iOS malware are often underestimated, and the protection of mobile devices is rarely adequate. Especially on Android, a wealth of new threat variants is discovered every day. The majority of malicious apps can be categorized as adware, bringing unwanted advertisements and other unwanted apps, or even more malware, onto the device.

More severe threats are found in the wild, such as banking trojans, ransomware or spyware that reads personal data from a phone and silently sends it to the attacker. While the total number of threats in circulation is not comparable to the amount of malware encountered on Windows, the Android malware scene has been growing steadily over recent years.

Characteristics

Spread: Common
Damage on infection: Medium to high
Typical infection source: Third-party app stores, manually installed APKs
Famous examples: Triada, Hiddad

Script malware

Alongside well-known PE (Portable Executable) malware files (typically .exe files), script malware continues to be a favorite of some malware authors. The most commonly found script malware is malicious JavaScript inside an HTML file, typically encountered online. These scripts are often hard to understand because they are heavily obfuscated, which makes static analysis difficult.

As a result, they can be much stealthier than one would expect from “plain text code”. File-less threats use scripting languages to load malicious code directly into memory instead of relying on files on disk, bypassing traditional file-based detection methods.
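As an added example (not part of the original page), the following Python triage heuristic scores the script bodies embedded in an HTML file for the kind of obfuscation markers described above. Both samples are constructed here; the "obfuscated" one decodes to nothing more than a console message.

```python
import math
import re

# Constructed samples, not real malware. The second wraps the same harmless
# console.log("Hello") call in fromCharCode/unescape/eval indirection.
SAMPLE_PLAIN = """<html><body><script>
function greet(name) { console.log("Hello, " + name); }
greet("reader");
</script></body></html>"""

SAMPLE_OBFUSCATED = """<html><body><script>
var _0x1 = String.fromCharCode(99,111,110,115,111,108,101,46,108,111,103);
var _0x2 = unescape("%28%22%48%65%6c%6c%6f%22%29");
eval(_0x1 + _0x2);
</script></body></html>"""

SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.I | re.S)

# Static indicators a triage rule can check without executing the script.
INDICATORS = {
    "eval": r"\beval\s*\(",
    "fromCharCode": r"String\.fromCharCode",
    "unescape": r"\bunescape\s*\(",
    "hex_escape_run": r"(?:%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}){8,}",
    "charcode_list": r"(?:\d{2,3}\s*,\s*){8,}",
    "hex_identifier": r"_0x[0-9a-f]+",
}

def shannon_entropy(text):
    """Bits per character; packed or encoded payloads score higher than code."""
    if not text:
        return 0.0
    n = len(text)
    counts = {ch: text.count(ch) for ch in set(text)}
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def score_html(html):
    """Return (score, hits) over all <script> bodies found in the HTML."""
    body = "\n".join(SCRIPT_RE.findall(html))
    hits = [name for name, pat in INDICATORS.items() if re.search(pat, body)]
    if shannon_entropy(body) > 4.5:  # threshold is an assumed tuning value
        hits.append("high_entropy")
    return len(hits), hits

def verdict(html, threshold=3):
    """Flag a page when several independent obfuscation markers co-occur."""
    score, hits = score_html(html)
    return ("suspicious" if score >= threshold else "clean"), hits

if __name__ == "__main__":
    for name, sample in (("plain", SAMPLE_PLAIN), ("obfuscated", SAMPLE_OBFUSCATED)):
        print(name, *verdict(sample))
```

Requiring several markers to co-occur keeps a single legitimate use of eval or unescape from raising an alert on its own.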

Characteristics

Spread: Common
Damage on infection: Varying
Typical infection source: Web downloads, infected web pages, malvertisement
Famous examples: Cerber, Kovter

CoinMiners

Cryptocurrencies have reached a point where mining them locally hardly nets any return, so it comes as no surprise that malware authors try to steal computing power from unsuspecting victims. The market for CoinMiner malware, or cryptojackers, is big, with many different variants.

Many CoinMiners do not even need to be downloaded or installed on a device. They can lurk in otherwise clean websites, either directly embedded or hidden in malicious advertisements, mining away for as long as the unsuspecting victim stays on the page. While they are among the least damaging types of malware, an infected device will still wear out considerably faster under the constant added load.

Characteristics

Spread: Very common
Damage on infection: Medium
Typical infection source: Drive-by, malvertisement
Famous examples: Monero, Zcash

Exploits

An exploit is code that leverages security gaps, or vulnerabilities, in software to execute malicious code. The most exploited vulnerabilities are those found over the years in the Windows OS. However, other applications and operating systems have vulnerabilities that allow attackers to take hold of a system, including Android, Chrome and Firefox, macOS, Adobe Flash, the Linux kernel and database systems such as MySQL.

Even when vulnerabilities are patched, many users fail to install these crucial updates, leaving their systems susceptible to a variety of attacks. The most famous of them all is EternalBlue, a remote code execution vulnerability that was leaked in April 2017 and has been used in numerous trojans, worms and other malware since then.

Characteristics

Spread: Common
Damage on infection: Varying
Typical infection source: E-mail, web downloads, network attacks
Famous examples: EternalBlue, Capesand
