Malwarebytes State of Malware 2019

In the business area, Trojan-turned-botnets Emotet and TrickBot returned in 2019 to terrorise organisations alongside new ransomware families, such as Ryuk, Sodinokibi, and Phobos.

A flood of hack tools and registry key disablers made a splashy debut in our top detections. This reflects a greater sophistication by today’s business-focused attackers.

iOS summary

iOS malware exists, but there’s no way to scan for it (Apple will not allow AV companies access). Most iOS malware is nation-state malware, spread via targeted attacks through ‘secret’ iOS vulnerabilities/backdoors, such as NSO’s Pegasus spyware. This year China used iOS zero-days to infect phones in targeted attacks against the Uyghur and Hong Kong people.


An unprecedented zero-day vulnerability dubbed checkm8 was found in iPhone boot ROMs (up to iPhone X) as well as other iOS, watchOS, and tvOS devices. You cannot patch a boot ROM; the only way to fix the bug is to buy a new iPhone 11 or other device.

Android Summary

There are two types of Android malware, and one is extremely devious.

Pre-installed Malware – needs access to a device at the manufacturer level

Adups is a malicious app found on many Chinese-made low-cost Android mobiles. This baked-in auto-installer has administrator rights to update the device’s firmware, but it also steals personal information, contacts, SMS, photos and more. It can install Android Trojans and adware.


It is most prevalent on ‘international’ (non-Australian certified) phones sold by online marketplaces like Amazon, Kogan/Dick Smith, Mobileciti etc. or on phones purchased overseas.

Run Malwarebytes to see if it is on your phone. It is damned hard to remove as it’s ‘baked-in’ and often reoccurs randomly. There is a strong rumour that it is linked directly to the Chinese Communist Party, as is the ‘Study the Great Nation’ app.

Stalkerware (for iOS and Android)

The new threat is stalkerware: apps that enable users to monitor another’s every digital move. That includes collecting data without their informed consent: GPS location data, photos, emails, text messages, call logs, contacts lists, non-public social media activity, and more.


Some stalkerware apps are installed without displaying an icon, or can remotely operate a user’s device, microphone, or camera. With over 100 new variants added in 2019, we are taking an even harder stance on these creepy apps, some of which still appear in Google Play and Apple’s iTunes stores.

Adware is an ongoing issue as the entire monetary basis of Android is serving ads. Symptoms are the aggressive display of advertisements including but not limited to: ads in notifications, on the lock screen, and full-screen pop-ups. Much of this comes in so-called Ad-blockers and other fake apps.


Web threats

You can get an infection simply by visiting an infected website, called Drive-By Shootings.


It may be a combination of a phishing email (with a compromised Word.doc or steganographic image) directing you to a website where the final payload downloads and combines to form malware. Or you may be using an old version of IE or even Chrome (including the new MS Chromium-based Edge), less so with Firefox.

Online shoppers are the target of credit card skimmers/scrapers, also known as web skimmers and more generally referred to as Magecart. Unlike other attacks that often require infecting victims (banking Trojans) or socially engineering them (phishing), web skimming works quietly on all devices and browsers. This makes it particularly effective and scalable to harvest and monetise stolen credit cards.

Malvertising takes control of your search engine and redirects you to advertising pages.