2018: the year malware got versatile

Malware became more versatile in the first half of this year, according to a report on botnet activity by Kaspersky Lab.

It shows that multifunctional malware - not designed for specific purposes, but flexible enough to perform almost any task - was more widespread between January and the end of June.

More than 150 malware families circulating through 60,000 botnets around the world were analysed as part of the report.

It found that the most distinctive growth in the first half of 2018 was from the versatile Remote Access Tools (RAT) malware, which provides almost limitless opportunities for exploiting an infected PC.

Since the start of 2017, the share of RAT files found among the malware distributed by botnets has almost doubled, rising from 6.55 per cent to 12.22 per cent, with Njrat, DarkComet, and Nanocore ranking as the most widespread RATs.

The report found that trojans did not demonstrate as much growth as RATs, but their share of detected files still grew from 32.89 per cent in the second half of 2017 to 34.25 per cent in the first half of this year.

Alexander Eremin, security expert at Kaspersky Lab, said RATs were taking the lead because botnet ownership costs a significant amount of money and, to make a profit, criminals need to be able to work harder and be more opportunistic to get money out of malware.

“A botnet built out of multipurpose malware can change its functions relatively quickly and shift from sending spam to DDoS or to the distribution of banking trojans,” he added.

“While this ability in itself allows the botnet owner to switch between different ‘active’ malicious business models, it also opens an opportunity for a passive income: the owner can simply rent out their botnet to other cyber criminals.”