Check Point Research, the research division of Check Point® Software Technologies Ltd., published the most widespread malware in Greece for July 2019.
agent Tesla – AgentTesla is a sophisticated RAT that works as a keylogger and password stealing software infecting computers since 2014. AgentTesla has the ability to monitor and collect the victim's keyboard entries and system clipboard, take snapshots screen and remove credentials from software installed on the victim's machine (including Google Chrome, Mozilla Firefox, and the Microsoft Outlook email client). AgentTesla is sold as a legitimate RAT with interested parties paying $15 – $69 for a single user license.
Lokibot - Lokibot is spying software that is mainly spread through phishing emails and is used to spy on data such as email credentials as well as passwords on electronic crypto wallets and FTP servers.
NanoCore - NanoCore is a remote access trojan that was first noticed in 2013 and is aimed at users of the Windows operating system. All versions include features such as screen capture, crypto mining, remote control and more.
Jsecoin - JavaScript mining software that can be embedded in websites. With JSEcoin, you can run the mining software directly on your browser in exchange for an ad-free browsing experience, game currencies and other incentives.
AZORult – AZORult is a trojan that collects and removes data from the infected system. Once the malware is installed on a system (usually delivered by an exploit kit like RIG), it can send saved passwords, local files, crypto-wallets and profile information computer on a remote command & control server.
XMRig – XMRig is a CPU mining software open source code used for the process production of the Monero cryptocurrency and was first seen in circulation in May 2017.
Trickbot - Trickbot is a variant of Dyre that appeared in October 2016. Since then, it has primarily targeted banking users in Australia and the United Kingdom and has recently started appearing in India, Singapore and Malaysia.
Emotet - Sophisticated modular trojan that reproduces itself. Emotet once served as a scam bank account spy and has recently been used to distribute other malware or malware propaganda campaigns. It uses many methods and avoidance techniques to stay in the system and avoid detection. In addition, it may be spread through spam phishing emails containing attachments or links to malicious content.
FormBook - FormBook is an InfoStealer that targets the Windows operating system and was first detected in 2016. It is advertised in hacking forums as a tool that has powerful avoidance techniques and relatively low prices. FormBook collects credentials from various web browsers and screenshots, monitors and records keyboards, and can download and execute files according to C & C instructions given to it.
Dorkbot - IRC-based worm, designed to allow remote execution of code by its operator, as well as downloading additional malware into the infected system, with the primary purpose of stealing sensitive information and performing denial of service attacks.
|
Family of malware |
Global impact |
Effect Greece |
|
agent Tesla |
4.74% |
15.61% |
|
Lokibot |
3.01% |
15.61% |
|
Nanocore |
5.04% |
13.50% |
|
Jsecoin |
6.40% |
12.66% |
|
AZORult |
1.29% |
12.24% |
|
XMRig |
7.62% |
8.86% |
|
Trickbot |
4.60% |
6.75% |
|
Emotet |
5.30% |
6.33% |
|
Formbook |
3.61% |
5.91% |
|
Dorkbot |
5.77% |
5.06% |
The World Threat Impact Directory and Check Point's ThreatCloud Map are based on Check Point's ThreatCloud intelligence, the largest anti-cyber crime network, which provides data on threats and trends in attacks, utilizing a global network threat detectors.
The ThreatCloud database includes more than 250 million addresses analyzed to detect bot, more than 11 million signatures of malware and more than 5,5 millions of infected sites, while recognizing millions of types of malware every day.
Check Point's Threat Prevention Resources are available on the site:
http://www.checkpoint.com/threat-prevention-resources/index.html
______________________
