IT Brief Australia - Technology news for CIOs & IT decision-makers
Top 10 malware impacting Australians - Check Point
Mon, 14th Mar 2022

Emotet, Formbook and Trickbot remained the top three malware families affecting Australians in the month of February, according to new research.

Check Point Research, the threat intelligence arm of Check Point Software, has published its latest Global Threat Index for February 2022.

In February, the top three malware families, Emotet, Formbook and Trickbot, remained in the same positions, the report found. CPR is currently seeing a number of malware families, including Emotet, take advantage of public interest in the Russia-Ukraine conflict by creating email campaigns on the topic that lure people into downloading malicious attachments.

CPR says that Emotet has indeed been spreading in this way, with emails that contain malicious files and the subject "Recall: Ukraine -Russia Military conflict: Welfare of our Ukrainian Crew member".
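A defender can turn the lure described above into a mail-gateway detection. The example below is added here and is not Check Point's code; it assumes a constructed JSON-per-line gateway log with "id", "subject" and "attachments" fields, and the list of risky attachment extensions is an assumption, not something the article states.

```python
import json
import re

# Lure subject reported by CPR for the Emotet campaign (quoted in the article).
LURE_SUBJECT = "Recall: Ukraine -Russia Military conflict: Welfare of our Ukrainian Crew member"

# Attachment types typically used to carry a malicious document or loader.
# Assumption for this example; the article does not list the file types used.
RISKY_EXTENSIONS = {".doc", ".docm", ".xls", ".xlsm", ".zip", ".lnk"}


def normalise(text):
    """Lower-case the subject and drop spacing around hyphens and colons so
    variants such as 'Ukraine - Russia' and 'Ukraine -Russia' compare equal."""
    text = text.lower()
    text = re.sub(r"\s*([-:])\s*", r"\1", text)
    return re.sub(r"\s+", " ", text).strip()


LURE_KEY = normalise(LURE_SUBJECT)


def is_risky_attachment(name):
    """True when the attachment name ends in one of the risky extensions."""
    name = name.lower()
    return any(name.endswith(ext) for ext in RISKY_EXTENSIONS)


def flag_messages(log_lines):
    """Return the ids of messages whose subject matches the lure and which
    also carry a risky attachment; malformed log lines are skipped."""
    flagged = []
    for line in log_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        subject = normalise(event.get("subject", ""))
        attachments = event.get("attachments", [])
        if subject == LURE_KEY and any(is_risky_attachment(a) for a in attachments):
            flagged.append(event["id"])
    return flagged


# Constructed sample gateway log lines (not real traffic).
SAMPLE_LOG = [
    '{"id": "m1", "subject": "Recall: Ukraine - Russia Military Conflict: Welfare of our Ukrainian crew member", "attachments": ["Crew_List.docm"]}',
    '{"id": "m2", "subject": "Recall: Ukraine -Russia Military conflict: Welfare of our Ukrainian Crew member", "attachments": []}',
    '{"id": "m3", "subject": "Weekly status report", "attachments": ["report.xlsm"]}',
    "not a json line",
]

if __name__ == "__main__":
    print(flag_messages(SAMPLE_LOG))  # ['m1']
```

Message m2 matches the subject but carries no attachment, so it is not flagged; tuning that rule (for example, also alerting on links) is a local decision.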

Top 10 malware impacting Australia for February (each percentage is the share of Australian cyber incident cases impacted by that specific malware):

Emotet, 2.69%
Emotet is an advanced, self-propagating and modular Trojan that was once used as a banking Trojan and currently distributes other malware or malicious campaigns. Emotet uses multiple methods to maintain persistence and evasion techniques to avoid detection, and is spread via phishing spam emails containing malicious attachments or links.

Formbook, 2.13%
FormBook is an infostealer targeting the Windows OS and was first detected in 2016. It is marketed as Malware as a Service (MaaS) on underground hacking forums for its strong evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its C&C (command-and-control) server.

Trickbot, 1.12%
Trickbot is a modular banking Trojan attributed to the WizardSpider cybercrime gang. It is mostly delivered via spam campaigns or by other malware families such as Emotet and BazarLoader. Trickbot sends information about the infected system and can also download and execute arbitrary modules from a large array of available modules, including a VNC module for remote control and an SMB module for spreading within a compromised network. Once a machine is infected, the threat actors behind this malware utilise this wide array of modules not only to steal banking credentials from the target PC, but also for lateral movement and reconnaissance on the targeted organisation itself, prior to delivering a company-wide targeted ransomware attack.

Ryuk, 1.12%
Ryuk is a ransomware used by the TrickBot gang in targeted and well-planned attacks against several organisations worldwide. The ransomware was originally derived from the Hermes ransomware, whose technical capabilities are relatively low, and includes a basic dropper and a straightforward encryption scheme. Nevertheless, Ryuk was able to cause severe damage to targeted organisations, forcing them to pay extremely high ransoms in Bitcoin. Unlike common ransomware, which is systematically distributed via massive spam campaigns and exploit kits, Ryuk is used exclusively in tailored attacks.

SnakeKeylogger, 0.90%
Snake is a modular .NET keylogger and credential stealer first spotted in late November 2020; its primary functionality is to record users' keystrokes and transmit the collected data to the threat actors. Snake infections pose a major threat to users' privacy and online safety, as the malware can steal virtually all kinds of sensitive information and is a particularly evasive and persistent keylogger.

Vidar, 0.78%
Vidar is an infostealer that targets Windows operating systems. First detected at the end of 2018, it is designed to steal passwords, credit card data and other sensitive information from various web browsers and digital wallets. Vidar is sold on various online forums and used as a malware dropper to download GandCrab ransomware as its secondary payload.

FluBot, 0.78%
FluBot is an Android malware distributed via phishing SMS messages (smishing), most often impersonating logistics delivery brands. Once the user clicks the link inside the message, they are redirected to the download of a fake application containing FluBot. Once installed, the malware has various capabilities to harvest credentials and support the smishing operation itself, including uploading the contact list and sending SMS messages to other phone numbers.

RigEK, 0.67%
The oldest and best known of the currently operating exploit kits, RigEK has been around since mid-2014. Its services are offered for sale on hacking forums and the TOR network. Some entrepreneurs even re-sell low-volume infections to those malware developers not yet big enough to afford the full-fledged service. RigEK has evolved over the years to deliver anything from AZORult and Dridex to little-known ransomware and cryptominers.

Tofsee, 0.67%
Tofsee is a Trickler that targets the Windows platform. This malware attempts to download and execute additional malicious files on target systems. It may download and display an image file to the user in an effort to hide its true purpose.

Yakes, 0.56%
Yakes is a Trickler that targets the Windows platform. This malware creates a new svchost process and injects malicious code into it. The injected code is responsible for contacting a remote server, from which it expects to receive base64-encoded data. This data represents a URL from which further malware is downloaded onto the infected system.

Banload, 0.56%
Banload is a downloader Trojan that downloads unwanted files from remote servers onto the victim's machine.

The malware families Vidar and FluBot were tied in 6th place, RigEK and Tofsee were tied in 8th place, and Yakes and Banload were tied in 10th place.