MaliBot June 2022, the most widespread malware hits Mobile Banking

Check Point Research, its research department Check Point Software Technologies Ltd., a provider of global cybersecurity solutions, has published its Global Threat Index for June 2022. CPR reports that a new banking malware for Android, by name MaliBot, after shooting down of flubot at the end of last May.

Although just discovered, banking MaliBot, has already reached the third place in the list of the most widespread mobile malware. It disguises itself as cryptocurrency mining apps with different names and targets users mobile devices banking to steal financial information. Like the flubot, the MaliBot uses messages SMS Phishing (smishing) to trick victims into clicking on a malicious link, which redirects them to download a fake app containing the malware.

Also this month, malware Emotet is still the most prevalent malware overall. The Snake Keylogger comes in third place after an increase in activity since appearing in eighth place last month. Its main function Snake is to record users' typing movements and pass the data it collects to threat actors. While in May the CPR saw it Snake Keylogger to be distributed through files PDF, recently spread via email post officey that contained attached files Word labeled requests for quotations. The researchers also reported on new variant of it Emotet in June, which has credit card theft capabilities and targets program users browsing Chrome.

"While it's always good to see prosecution success neutralizing cybercrime groups or malware such as flubot, unfortunately it didn't take long for a new mobile malware to take its place," said Ms Maya Horowitz, vice president of research Check Point Software.

“Cybercriminals are well aware of the central role mobile devices play in many people's lives and are always adapting and improving their tactics to match. The threat landscape is rapidly evolving, and mobile malware is a significant risk to both personal and business security. It's never been more important to have a robust mobile threat prevention solution.”

Η CPR also revealed that the “ Apache Log4j Remote Code Execution ” is the most commonly exploited vulnerability, affecting 43% of organizations worldwide, closely followed by “ Web Server Exposed Git Repository Information Disclosure ", which has a global impact of 42,3%. The "Web Servers Malicious URL Directory Traversal” is in third place with a global impact of 42,1%.

TOP Malware Families

* The arrows refer to the change of the ranking in relation to the previous month.

This month, the Emotet is still the most widespread malware with a global impact of 14%, followed by Formbook and Snake Keylogger, each affecting 4,4% of organizations worldwide.

1. ↔ Emotet - evolved modular trojan self-reproducing. The Emotet once served as a scam bank account spy and recently used to distribute other malware or propaganda campaigns malware. It uses many methods and avoidance techniques to stay in the system and avoid detection. In addition, it can be spread through spam Email phishing (Phishing) containing attachments or links to malicious content.

2. ↔ Formbook -Το Formbook, which first appeared in 2016, is one infostealer, which collects credentials from various web browsers (websites browsers), collects screenshots, monitors and logs keystrokes and can download and execute files according to command and control directives.

3. ↑ Snake Keylogger - The Snake it is a modular .NET keylogger credential theft software that was first detected in late November 2020. Its main function is to record user keystrokes and forward the collected data to threat actors. Infections from Snake pose a significant threat to users' online privacy and security, as malware can steal almost all kinds of sensitive information and is a particularly insidious and persistent keylogger.

The full list of the top ten malware families in June can be found on its website Check Point blog.

Top attacking industries worldwide

This month education/research continues to be the most attacked industry globally, followed by government/military and healthcare.

1. Education & Research

2. Government/Military

3. Healthcare Logistics

Top Exposed Vulnerabilities

This month, This makes it a perfect choice for people with diabetes and for those who want to lose weight or follow a balanced diet. “Apache Log4j Remote Code Execution” is the most commonly exploited vulnerability, impacting 43% of organizations worldwide, closely followed by “Web Server Exposed Git Repository Information Disclosure”, which has a global impact of 42,3%. The "Website Servers Malicious URL Directory traverse” is in third place with a global impact of 42,1%.

1. ↑ Apache log4j Remote -- Execution (CVE-2021-44228) - A remote code execution vulnerability exists in Apache log4j. Successfully exploiting this vulnerability could allow a remote intruder to execute arbitrary code on the affected system.

2. ↑ Website Server & Hosting Exposed Go Repository Information Disclosure A vulnerability to disclosing information was reported in Go Repository. Successfully exploiting this vulnerability could allow unintentional disclosure of account information.

3. ↓ Website Servers Malicious URL Directory traverse (CVE-2010-4598,CVE-2011-2474,CVE-2014-0130,CVE-2014-0780,CVE-2015-0666,CVE-2015-4068,CVE-2015-7254,CVE-2016-4523,CVE-2016-8530,CVE-2017-11512,CVE-2018-3948,CVE-2018-3949,CVE-2019-18952,CVE-2020-5410,CVE-2020-A folder bypass vulnerability exists on various web servers. The vulnerability is due to an input verification error on a web server that does not clean up the address properly URL for folder navigation templates. Successful exploitation allows unauthorized remote attackers to expose or gain access to arbitrary files on the vulnerable server.

Top Malicious Mobile Apps

This month the AlienBot is the most common mobile malware followed by Anubis and MaliBot.

1. AlienBot - The malware family AlienBot it is a Malware-as-a-Service (MaaS) for devices Android which allows a remote intruder, as a first step, to introduce malicious code into legitimate financial applications. The attacker gains access to the victims' accounts and eventually takes full control of their device.

2. Anubis - The Anubis is a banking Trojan designed for mobile phones Android. Since it was first identified, it has acquired additional functions such as operation Remote Access Trojan (RAT), keylogger, audio recording capabilities and misc ransomware characteristics. It has been spotted in hundreds of different apps available on the Google Store.

3. MaliBot - The Malibot is a banking malware Android which has been detected targeting users in Spain and Italy. The Banking it masquerades as crypto mining apps with different names and focuses on stealing financial information, crypto wallets and more personal data.

The Global Threat Impact Index and ThreatCloud Map of Check Point Software, based on ThreatCloud intelligence of the company, which provides real-time threat intelligence from hundreds of millions of sensors worldwide, across networks, endpoints and mobile phones. The ThreatCloud intelligence enriched with engines based on AI and exclusively research data from Check Point Research, the Department market & Research of Check Point Software Technologies.

The full list of the top 10 malware families in June 2022 can be found at blog of Check Point.