
ThreatMetrix Identifies the Most Prominent Malware Trends and Predictions for 2012

Posted April 4, 2012

The Integration of Malware Protection and Device Identification Provides Businesses with a First Layer of Defense in the Battle Against Cybercrime

San Jose, CA – April 4, 2012 – ThreatMetrix™, the fastest-growing provider of integrated cybercrime prevention solutions, announced today that it has identified the most threatening malware trends and organizational transformations that could wreak havoc on businesses in 2012. These include more innovative Trojan attacks, the growth of Man-In-The-Browser (MitB) page injections, the rising popularity of mobile transactions and Bring-Your-Own-Device (BYOD).

“In the last year, we have seen a significant increase in sophisticated MitB Trojan activities targeting financial institutions, payment processors, governments and online businesses,” said Andreas Baumhof, chief technology officer, ThreatMetrix. “Additionally, cybercriminals are evolving beyond their traditional financial institution targets to now include alternative payment methods and digital currencies.”

“Technologies such as Facebook credits, Amazon gift cards or payment services – where you can transfer money via email – will become the new targets. Based on the high success rates of these targeted attacks, we expect this trend to grow exponentially in 2012, posing significant risks to businesses and institutions – particularly for organizations that continue to rely on traditional solutions for cybercrime prevention,” added Baumhof.

Malware continues to grow in terms of infection rate and new targets. Last year, there were 25 million new, unique strains of malware released and that number is projected to grow to 87 million by the end of 2015, according to the Aite Group. The shift toward BYOD workplace practices contributes to increased risk that corporate assets will be lost in addition to traditional attacks on e-commerce.

As malware continues to become more prevalent, ThreatMetrix has identified other trends and predictions for 2012:

• Malicious Trojans will spread in more innovative ways. Social networks, such as Facebook and Twitter, open up new ways for cybercriminals to spread malware in addition to ‘traditional’ drive-by-downloads, which compromise well-known websites by distributing Trojans automatically. Well-known Twitter accounts are increasingly being infiltrated and used for malware distribution. The Carberp Trojan was distributed in 2010 on a recognized news website in the Netherlands, which pushed infection rates into the hundreds of thousands.

• More MitB page injections. More fraudsters will employ MitB techniques to add malicious content – such as JavaScript – to a legitimate website, regardless of the Trojan used. The focus will turn away from solely financial institutions towards alternative payment methods, merchants and government, but also to social networking sites and identity theft in general.

• Mobile is the new target. The growth in mobile banking and mobile commerce will make mobile devices a big target for fraudsters. According to Baumhof, mobile devices are already targeted to defeat SMS-based two-factor authentication for Internet banking (Mitmo Trojan). Due to the open nature of the Android operating system, malware can spread quickly and Trojans can easily hijack existing applications (DKFBootKit). Furthermore, we see more and more sophisticated malware such as remote-controlled banking Trojans (Android/FakeToken.A) or even rootkits.

• Bring-Your-Own-Device (BYOD) trend increases risks. The BYOD trend in today’s corporate networks is opening the door for cybercriminals. They are becoming more adept at planting malware that turns employees into unwitting attackers of their own companies or accounts. While historically businesses needed to be vigilant about links from strange emails, BYOD is contributing to today’s malware threats through shared devices, search engine poisoning, image searches, hidden URLs, syndicated advertisements, and more.

• Security and fraud are converging. Many corporate assets are protected behind a corporate firewall with rigorous access control. The advent of cloud computing and an increased use of non-corporate owned computers – such as BYOD – have moved these assets outside of the corporate environment and into the ‘cloud.’ This effectively turns the security paradigm upside-down and shifts it to a fraud problem that many enterprises haven’t been able to successfully protect against.

“The best protection against this year’s slate of malware threats is to treat fraud prevention and malware detection in a single context,” said Baumhof. “Apart from the protection itself, one of the biggest benefits is that it provides an early warning system, which produces crucial information for all targeted systems.”

For more information, download the latest ThreatMetrix™ Labs Report or visit .

About ThreatMetrix

ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches. Key benefits include an improved customer experience, reduced friction, revenue gain and lower fraud and operational costs. The ThreatMetrix solution is deployed across a variety of industries, including financial services, e-commerce, payments and lending, media, government and insurance.

For more information, visit or call 1-408-200-5755. Join the cybersecurity conversation by visiting the ThreatMetrix blog, Twitter, LinkedIn and Facebook pages.



Media Contacts:

Dan Rampe
Tel: 408-200-5716

Meghan Reilly
Walker Sands Communications
Tel: 312-445-9926
