New ransomware down, rootkits up, says McAfee report

For several years the number of new Windows rootkits has been dropping for a variety of reasons, including the added protection in 64-bit processors and operating systems.

But a new report from McAfee Inc. says it has detected an increase in rootkits, although they were built around a single 32-bit family.

Nevertheless, it concludes that attackers have learned how to hijack root-level digital certificates, exploit existing kernel vulnerabilities, and find ways around 64-bit security safeguards. “We believe new 64-bit bypass techniques will soon lead to an increase in rootkit-based attacks,” the report says.

That’s one of the conclusions in the quarterly report, issued Tuesday, on recent cyberthreat trends.

Not unexpectedly, one section mirrors a trend other security researchers have also spotted: mobile malware continues to rise. This means, McAfee argues, that it isn’t enough for mobile operating system creators to increase platform protection: mobile app developers have to do a better job protecting their apps, it says. At the same time, mobile users have to shoulder more responsibility by being more careful when granting apps permission to access their data.

App stores also have to get tougher, the report adds, ensuring that all data access comes only from authenticated and authorized client apps.

McAfee says it has found a suspicious Android app, dubbed Android/BadInst.A, on the Google Play store that automatically downloads, installs and launches other apps without the user permission that is normally required when manually installing apps from the store. The communications protocol used between the Google Play server and the service app on mobile devices isn’t documented, McAfee notes; it suspects the developer reverse-engineered the protocol. The authorization tokens obtained this way can be used for Google services other than Google Play, so such malware could easily lead to user information leaks and impersonation, McAfee concludes.

Another Android app is a Trojan that disguises itself as an update for Adobe Flash Player or another legitimate utility app and exploits a security flaw in a digital wallet to steal money. There’s also a Trojan that exploits a weakness in the encryption method used by the messaging app WhatsApp. The vulnerability has since been fixed.

One puzzling trend is that the number of new ransomware samples dropped for the third straight quarter. Good news? Probably not. Like the pattern seen in rootkits, exploits rise and fall. Expect the same here.


Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]
