What better way to remember Easter than drawing up a list of the malware Bunny’s most ‘interesting’ offerings? Can you guess who’s the winner of this year’s (malware) egg hunt? If your answer was “trojan” then you’re right – 20 trojan strains for the April 1st – 28th interval, totaling over 25,000 positive detections – a 24.24% decrease compared to March. Here’s the April edition of Heimdal™’s threat hunting journal.
Top Malware(s) Detections: 1st of April – 28th of April
Throughout April, Heimdal™ Security’s SOC team has detected 20 types of trojans, running up to 25,976 positive detections. As mentioned our threat hunting intro, the value registered for April represents a 24% decrease in trojan-type activity, and compared to the December – March detection interval, it can be considered an all-time historical low (i.e., 28,000 for December vs. 13,751 for January vs. 10,351 for February vs. 33,000 for March). Ranking-wise, TR/CoinMiner.uwtyu raked the most detections (5,555 hits), followed by TR/Spy.Gen8 (4,160 hits), and TR/Rozena.jrrvc (2,717 hits).
As far as distribution is concerned, in April we have more newcomers compared to March, February, and January. To name a few, we have EXP/MS04-028.JPEG.A with 3,112 positive detections, HTML/Infected.WebPage.Gen2 with 1,574 positive detections,