Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Android Trojans and domain name attacks top July cyber threat trends

In July, Bitdefender identified 205 ransomware families as part of the company’s August Bitdefender Threat Debrief.

user icon
Fri, 26 Aug 2022
Android Trojans and domain name attacks top July cyber threat trends
expand image

Bitdefender's August Bitdefender Threat Debrief (BDTD) is a monthly series aimed to analyse threat news, trends, and research from the previous month. In July, Bitdefender researchers looked at ransomware detections, rather than infections, and counted the total cases, not how monetarily significant the impact of infection is.

Ransomware

Bitdefender analysts identified 205 ransomware families in July, with the number of detected ransomware families varying each month depending on the current ransomware campaigns in different countries. WannaCry was the most widely detected ransomware family, accounting for 37 per cent. Robin came in second at 20 per cent.

The analysts detected ransomware from 151 countries in its dataset this month as ransomware continues to be a threat that touches almost the entire world. Many ransomware attacks continue to be opportunistic, and the size of population is correlated to the number of detections. The United States was the most impacted by ransomware, accounting for 24 per cent, followed by Brazil at 17 per cent and India at 14 per cent.

Android Trojans

The global cyber security solutions company also analysed the top 10 Trojans targeting Android that the company has seen in its telemetry during July.

Downloader.DN, repacked applications taken from the Google app store and bundled with aggressive adware, was the biggest Trojan targeting Android at 43 per cent. Next was the SMSSend.AYE malware (33 per cent) that tries to register as the default SMS application on the first run by requesting the user's consent.

Homograph attacks

The Bitdefender team also analysed homograph attacks, which work to abuse international domain names (IDN). Threat actors create international domain names that spoof a target domain name. A "target" of IDN homograph phishing attacks refers to the domain that threat actors are trying to impersonate.

Blockchain.com was by far the most common target, accounting for 58 per cent of attacks, with facebook.com, binance.com, paypal.com, and gmail.com among the other targets.

[Related: Nation-state threat actors exploit machine identities to run cyber attacks]

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.