Check Point Research, the research division of Check Point® Software Technologies Ltd., released the most widespread malware in Greece for 2019 in July.
agent Tesla - AgentTesla is a sophisticated RAT that has been operating as a keylogger and password-stealing software infecting computers since 2014. AgentTesla has the ability to monitor and collect victim's keyboard entries and system clipboard, take screenshots and view removes credentials from software installed on the victim's machine (including Google Chrome, Mozilla Firefox, and Microsoft Outlook email client). AgentTesla is sold as a legal RAT with interested parties paying $ 15- $ 69 for a user license.
Lokibot - Lokibot is spying software that is mainly spread through phishing emails and is used to spy on data such as email credentials as well as passwords on electronic crypto wallets and FTP servers.
NanoCore - NanoCore is a remote access trojan that was first noticed in 2013 and is aimed at users of the Windows operating system. All versions include features such as screen capture, crypto mining, remote control and more.
Jsecoin - JavaScript mining software that can be embedded in websites. With JSEcoin, you can run the mining software directly on your browser in exchange for an ad-free browsing experience, game currencies and other incentives.
AZORult - AZORult is a trojan that collects and removes data from the infected system. Once malware is installed on a system (usually delivered by an operating kit such as RIG), it can send stored passwords, local files, cryptocurrencies, and computer profile information to a remote command & control server.
XMRig - XMRig is an open source CPU mining software used for the Monero cryptocurrency production process and was first released in May 2017.
Trickbot - Trickbot is a variant of Dyre that appeared in October 2016. Since then, it has primarily targeted banking users in Australia and the United Kingdom and has recently started appearing in India, Singapore and Malaysia.
Emotet - Sophisticated modular trojan that reproduces itself. Emotet once served as a scam bank account spy and has recently been used to distribute other malware or malware propaganda campaigns. It uses many methods and avoidance techniques to stay in the system and avoid detection. In addition, it may be spread through spam phishing emails containing attachments or links to malicious content.
FormBook - FormBook is an InfoStealer that targets the Windows operating system and was first detected in 2016. It is advertised in hacking forums as a tool that has powerful avoidance techniques and relatively low prices. FormBook collects credentials from various web browsers and screenshots, monitors and records keyboards, and can download and execute files according to C & C instructions given to it.
Dorkbot - IRC-based worm, designed to allow remote execution of code by its operator, as well as downloading additional malware into the infected system, with the primary purpose of stealing sensitive information and performing denial of service attacks.
Family of malware |
Global impact |
Effect Greece |
agent Tesla |
4.74% |
15.61% |
Lokibot |
3.01% |
15.61% |
Nanocore |
5.04% |
13.50% |
Jsecoin |
6.40% |
12.66% |
AZORult |
1.29% |
12.24% |
XMRig |
7.62% |
8.86% |
Trickbot |
4.60% |
6.75% |
Emotet |
5.30% |
6.33% |
Formbook |
3.61% |
5.91% |
Dorkbot |
5.77% |
5.06% |
The World Threat Impact Directory and Check Point's ThreatCloud Map are based on Check Point's ThreatCloud intelligence, the largest anti-cyber crime network, which provides data on threats and trends in attacks, utilizing a global network threat detectors.
The ThreatCloud database includes more than 250 million addresses analyzed to detect bot, more than 11 million signatures of malware and more than 5,5 millions of infected sites, while recognizing millions of types of malware every day.
Check Point's Threat Prevention Resources are available on the site:
http://www.checkpoint.com/threat-prevention-resources/index.html
______________________