Examining the resurrection of Emotet, increased coinminer activities, decreased ransomware, growing technical support scams and more
Earlier this week, Avast Threat Labs released the Q4 2021 Threat Report, which provides extensive coverage of major trends and events within the cybersecurity landscape that took place from October to December 2021.
In the report, our team describes how the Log4j vulnerability (CVE-2021-44228, disclosed in December 2021) was exploited almost immediately by operators of coinminers, remote access trojans (RATs), botnets, ransomware, and APT groups, putting CISO departments under pressure for the rest of the month. We also observed the revival of the Emotet botnet and a 40% rise in coinminers, both of which pose risks to consumers and businesses alike. At the same time, Avast saw less ransomware and RAT activity.
“Towards the end of the year, the extremely dangerous, ubiquitous, and easy to abuse Log4j vulnerability made CISO departments sweat, and rightly so, as it was weaponized by attackers spreading everything from coinminers to bots to ransomware,” said Jakub Kroustek, Avast Malware Research Director.
“On the other hand, we are happy to report decreases in RAT, information stealer, and ransomware attacks. The havoc ransomware caused in the first three quarters of 2021 triggered a coordinated cooperation of nations, government agencies, and security vendors to hunt down ransomware authors and operators, and we believe all of this resulted in a significant decrease in ransomware attacks in Q4/2021. The ransomware risk ratio decreased by an impressive 28% compared to Q3/2021. We hope to see a continuation of this trend in Q1/2022, but we are also prepared for the opposite.”
Adware, coinminers, and tech support scams targeting consumers
The report also covers increases in adware, desktop technical support scams and, on Android devices, subscription scams and spyware, all aimed primarily at consumers.
Coinminer activity rose by 40% as the price of Bitcoin climbed toward the end of 2021. These coinminers typically spread through infected web pages and pirated software. CoinHelper was one of the most prevalent coinminers throughout the quarter, mostly targeting users in Russia and Ukraine.
Although several cryptocurrencies, including Ethereum and Bitcoin, appeared in the miners' configurations, Monero stood out to Avast researchers. Monero is designed to be anonymous, but the operators' misuse of wallet addresses, combined with the way mining pools operate, allowed our researchers to gain a deeper view of the malware authors' Monero mining operation. As of November 29, 2021, our team put the total proceeds of the CoinHelper coinminer at $339,694.86.
Avast Threat Labs also observed a spike in tech support scams, which convince victims they have a technical problem and pressure them into calling a hotline, where they are pushed to pay inflated support fees or grant remote access to their system.
Premium SMS scams and spyware stealing Facebook credentials spread on mobile devices
Our team highlights two mobile threats in the report: UltimaSMS and Facestealer. UltimaSMS, a scam that signs victims up for premium-rate SMS subscriptions, resurfaced during the quarter. In October, UltimaSMS apps were available on the Google Play Store, mimicking legitimate applications and games and often promoted with catchy adverts.
Facestealer, spyware designed to steal Facebook credentials, also resurfaced on multiple occasions during Q4 2021. The malware poses as photo editors, horoscope apps, fitness apps and other utilities.
This is a quick snapshot of the topics covered by our team's latest research. For the full detail, read the complete report.