Study Reveals 12 New Malware Strains Created Every Minute in 2015

A new study reveals that developers behind malware strains are only ramping up their production levels, with more than 3 million unique new malware strains discovered in the first 6 months of 2015 alone.

The number of malware strains every year is growing. In 2015, the first half of the year saw G Data security labs uncover 3,045,722 new strains of malware. Already, that is nearly two-thirds more malware than discovered last year, with a jump of 64.8 percent increase in malware strains from the first half of last year. In other words, every minute on average sees 12 new malware strains developed, according to the bi-annual malware report.

Speaking to SCMagazine, security researcher at G Data, Andy Hayter notes the startling numbers are already recognized by those in the cybersecurity industry.

“It’s getting more and more complex and the bad guys are finding new ways to take advantage of the low-hanging fruit, or users who aren’t as technically aware,” he notes before adding “It’s not going away.”

Report Findings

Among other insights, the idea of ‘health care’ was the one topic visible on most malicious websites which contained campaigns with a promise of a large windfall of money. Among the other top 10 topics that figure in malicious websites, “personal advertising and dating,” made its entry into the top 10.

Related article: Hackers Infect App Store with Malware, Apple Pulls Infected Apps

The locations where most malicious and fraudulent websites are hosted remain France, China and the USA. Ukraine makes its way into the top ten list here, perhaps a nod to the instability in the region.

Banking Trojans are expected to increase for the first time since 2012, with an increased focus on trying to siphon off money from banks and financial institutions directly. An example of banking malware is the Swatbanker family that had successful email phishing campaigns targeting bank customers in Austria, Poland and Germany.

Unsurprisingly, Adobe Flash remains the most frequently abused entry point for exploits in PCs. Additionally, thanks to browsers’ “click-to-play” functionality that is commonplace these days, Java-based exploits are barely used any longer.

Another spike in malware-laced into popular software is the integration of the Nuclear Exploit kit within advertisements of a supplier producing content for Google AdSense, with the aim of infecting users in the millions.