Check Point Research, the research division of Check Point Software Technologies Ltd., has released its latest Global Threat List for May 2019.
The map also shows the most widespread malware threats identified in Greece in May 2019.
AgentTesla - AgentTesla is a sophisticated RAT that functions as a keylogger and password stealer and has been infecting computers since 2014. AgentTesla can monitor and collect the victim's keyboard input and system clipboard contents, take screenshots, and extract credentials from software installed on the victim's machine (including Google Chrome, Mozilla Firefox, and the Microsoft Outlook email client). AgentTesla is sold as a legitimate RAT, with interested parties paying 15 - 69 dollars for a user license.
JSEcoin - JavaScript mining software that can be integrated into websites. With JSEcoin, you can run the mining software directly in the browser in exchange for an ad-free browsing experience, game coins, and other incentives.
Lokibot - Lokibot is spyware that spreads primarily through phishing email and is used to steal data such as e-mail credentials, as well as passwords to cryptocurrency wallets and FTP servers.
Trickbot - Trickbot is a variant of Dyre that appeared in October 2016. Since then, it has primarily targeted banking users in Australia and the United Kingdom, and has recently started appearing in India, Singapore and Malaysia.
Cryptoloot - Cryptocurrency mining software that uses the power of the victim's central processing unit (CPU) or graphics processor (GPU) and the victim's existing resources to mine cryptocurrency, adding transactions to the blockchain and producing new currency. It is a competitor to Coinhive.
Ramnit - Ramnit is a worm that infects and spreads mainly through removable drives and files uploaded to public FTP services. The malware creates a copy of itself to infect removable and permanent drives. The malware also works as a backdoor.
Emotet - Sophisticated, modular trojan that propagates itself. Emotet was once used as a banking trojan and has recently been used to distribute other malware or malicious campaigns. It uses multiple persistence methods and evasion techniques to stay on the system and avoid detection. In addition, it can be spread through phishing spam emails containing attachments or links to malicious content.
XMRig - XMRig is open-source CPU mining software used to mine the Monero cryptocurrency and was first released in May 2017.
Nivdort - Nivdort is a Trojan software family targeted at the Windows platform. It collects passwords and system information or settings such as Windows version, IP address, software configuration, and approximate location. Some versions of this malicious software collect keystrokes.
AZORult - AZORult is a trojan that collects and exfiltrates data from the infected system. Once the malware is installed on a system (usually delivered by an exploit kit such as RIG), it can send stored passwords, local files, cryptocurrencies, and computer profile information to a remote command & control server.
10 most widespread malware threats in Greece for May 2019

| Malware family | Global impact | Impact in Greece |
|---|---|---|
| AgentTesla | 1.25% | 12.38% |
| JSEcoin | 3.62% | 11.15% |
| Lokibot | 2.11% | 8.98% |
| Trickbot | 1.88% | 8.67% |
| Cryptoloot | 4.13% | 8.05% |
| Ramnit | 2.72% | 7.12% |
| Emotet | 2.99% | 4.95% |
| XMRig | 4.00% | 4.95% |
| Nivdort | 1.80% | 4.64% |
| AZORult | 0.69% | 4.64% |

The World Threat Impact Catalog and the Check Point ThreatCloud chart are based on Check Point's ThreatCloud intelligence, the largest collaborative network for fighting cybercrime, which provides data on threats and attack trends from a global network of threat sensors.
The ThreatCloud database includes more than 250 million addresses analyzed for bot detection, more than 11 million malware signatures and more than 5.5 million infected sites, and it recognizes millions of types of malware every day.