The Check Point Research, the research department of Check Point® Software Technologies Ltd., published the most widespread malware in Greece for July 2019.
agent Tesla – AgentTesla is a sophisticated RAT that acts as a keylogger and password stealing software infecting computers since 2014. AgentTesla has the ability to monitor and collect the victim's keyboard entries and system clipboard, take screenshots and removes credentials from software installed on the victim's machine (including Google Chrome, Mozilla Firefox, and its email client Microsoft Outlook). AgentTesla is sold as a legitimate RAT with interested parties paying $15 – $69 for a single user license.
Lokibot – Lokibot is spyware that is mainly spread through phishing emails and usesused to intercept data such as email credentials, as well as passwords to cryptocurrency wallets and FTP servers.
NanoCore - NanoCore is a remote access trojan that was first noticed in 2013 and is aimed at users of the Windows operating system. All versions include features such as screen capture, crypto mining, remote control and more.
Jsecoin - JavaScript mining software that can be embedded in websites. With JSEcoin, you can run the mining software directly on your browser in exchange for an ad-free browsing experience, game currencies and other incentives.
AZORult – AZORult is a trojan that collects and removes data from the infected system. Once the malware is installed on a system (usually delivered by an exploit kit like RIG), it can send saved passwords, local files, crypto-wallets, and computer profile information to a remote command & control server.
XMRig – Το XMRig είναι ένα λογισμικό CPU mining ανοικτού πηγαίου κώδικα το οποίο χρησιμοποιείται για τη procedure production of the Monero cryptocurrency and was first seen in circulation in May 2017.
Trickbot – Trickbot is a parchange by Dyre which appeared in October 2016. Since then, it has mainly targeted banking users in Australia and the UK and recently started appearing in India, Singapore and Malaysia.
Emotet - Sophisticated modular trojan that reproduces itself. Emotet once served as a scam bank account spy and has recently been used to distribute other malware or malware propaganda campaigns. It uses many methods and avoidance techniques to stay in the system and avoid detection. In addition, it may be spread through spam phishing emails containing attachments or links to malicious content.
FormBook - FormBook is an InfoStealer that targets the Windows operating system and was first detected in 2016. It is advertised in hacking forums as a tool that has powerful avoidance techniques and relatively low prices. FormBook collects credentials from various web browsers and screenshots, monitors and records keyboards, and can download and execute files according to C & C instructions given to it.
Dorkbot - IRC-based worm, designed to allow remote execution of code by its operator, as well as downloading additional malware into the infected system, with the primary purpose of stealing sensitive information and performing denial of service attacks.
Family of malware |
Global impact |
Effect Greece |
agent Tesla |
4.74% |
15.61% |
Lokibot |
3.01% |
15.61% |
Nanocore |
5.04% |
13.50% |
Jsecoin |
6.40% |
12.66% |
AZORult |
1.29% |
12.24% |
XMRig |
7.62% |
8.86% |
Trickbot |
4.60% |
6.75% |
Emotet |
5.30% |
6.33% |
Formbook |
3.61% |
5.91% |
Dorkbot |
5.77% |
5.06% |
The World Threat Impact Directory and Check Point's ThreatCloud Map are based on Check Point's ThreatCloud intelligence, the largest anti-cyber crime network, which provides data on threats and trends in attacks, utilizing a global network threat detectors.
Η base ThreatCloud data includes more than 250 million addresses analyzed for bot detection, more than 11 million malware signatures and more than 5,5 million infected websites, while identifying millions of malware types every day.
Check Point's Threat Prevention Resources are available on the site:
http://www.checkpoint.com/threat-prevention-resources/index.html
______________________