Check Point Research states that the Emotet Trojan launched a new campaign last month to circumvent Microsoft's macro ban, sending spam emails containing malicious OneNote files. Meanwhile, AhMyth was the most widespread mobile malware and Log4j once again took the top spot as the most frequently exploited vulnerability.

Check Point Software Technologies Ltd., a provider of global cybersecurity solutions, has published its Global Threat Index for March 2023. Last month, researchers revealed a new malicious campaign for the Emotet Trojan, which rose to become the second most widespread malware.
As reported earlier this year, the attackers behind Emotet have been exploring alternative ways to distribute malicious files since Microsoft announced that it would block macros in Office files. In this latest campaign, the attackers adopted a new strategy of sending spam emails containing a malicious OneNote file.
Once the file is opened, a bogus message appears that tricks the victim into clicking on the document, which downloads the Emotet infection.
Once installed, the malware can collect the user's email data, such as login credentials and contact information. Attackers then use the information gathered to extend the reach of the campaign and facilitate future attacks.
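As an added example (not part of Check Point's report), the following Python code shows one way a mail triage script could flag the OneNote attachments this campaign relies on, matching both the file extension and the OneNote header GUID so that renamed files are also caught. The function names, addresses and sample messages are constructed for illustration.

```python
import uuid
from email import message_from_bytes, policy
from email.message import EmailMessage

# Header GUID of the OneNote .one format, {7B5C52E4-D88C-4DA7-AEB1-5378D02996D3},
# stored in little-endian GUID layout in the first 16 bytes of the file.
ONE_MAGIC = uuid.UUID("7B5C52E4-D88C-4DA7-AEB1-5378D02996D3").bytes_le
ONE_EXTENSIONS = (".one", ".onepkg")


def find_onenote_attachments(raw_message):
    """Return one finding per attachment that looks like a OneNote file."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        by_name = name.lower().endswith(ONE_EXTENSIONS)
        by_magic = payload.startswith(ONE_MAGIC)  # catches renamed files
        if by_name or by_magic:
            findings.append({"filename": name,
                             "extension_match": by_name,
                             "magic_match": by_magic})
    return findings


def build_sample(filename, content):
    """Build a constructed test message (hypothetical addresses and names)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(content, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        build_sample("notes.one", ONE_MAGIC + b"\x00" * 32),
        build_sample("invoice.pdf", ONE_MAGIC + b"\x00" * 32),  # renamed
        build_sample("report.txt", b"plain text"),
    ]
    for raw in samples:
        print(find_onenote_attachments(raw))
```

A finding with `magic_match` set but `extension_match` unset indicates a OneNote file delivered under another extension, which is worth quarantining for review.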
“While major tech companies are doing everything they can to cut off cybercriminals as early as possible, it is nearly impossible to stop every attack that bypasses security measures. We know that Emotet is a sophisticated Trojan and it is no surprise that it managed to navigate Microsoft's most recent defenses. The most important thing people can do is make sure they have implemented appropriate email security, avoid downloading unexpected files, and adopt a healthy skepticism about the origin of an email and its content,” stated Maya Horowitz, VP Research at Check Point Software.
CPR also revealed that “Apache Log4j Remote Code Execution” was the most exploited vulnerability, affecting 44% of organizations worldwide, followed by “HTTP Headers Remote Code Execution”, affecting 43% of organizations worldwide, and “MVPower DVR Remote Code Execution” with a global impact of 40%.
Top malware families
* The arrows refer to the change in ranking compared to the previous month.
Qbot was the most prevalent malware last month, impacting over 10% of organizations globally, followed by Emotet and Formbook with a 4% global impact.
- ↔ Qbot - Qbot, AKA Qakbot, is a banking Trojan that first appeared in 2008. It is designed to intercept a user's banking credentials or keystrokes and is often distributed through spam messages. Qbot uses various anti-VM, anti-debugging and anti-sandbox techniques to block analysis and avoid detection.
- ↑ Emotet - Emotet is an advanced, self-propagating, modular Trojan. Emotet was once used as a banking Trojan, but recently it has been used as a distributor of other malware or malicious campaigns. It uses multiple methods to maintain persistence and evasion techniques to avoid detection. In addition, it can spread through spam emails containing malicious attachments or links.
- ↓ FormBook - FormBook is an info stealer targeting the Windows operating system and was first identified in 2016. It is marketed as Malware-as-a-Service (MaaS) on underground hacking forums for its powerful evasion techniques and relatively low price. FormBook collects credentials from various web browsers, collects screenshots, monitors and records keystrokes, and can download and execute files as instructed by its C&C.
The Most Attacked Industries Worldwide
Last month, Education/Research remained the most attacked industry globally, followed by Government/Military and then Healthcare.
- Education / Research
- Government / Military
- Healthcare
Top Exploited Vulnerabilities
Last month, “Apache Log4j Remote Code Execution” was the most commonly exploited vulnerability, affecting 44% of organizations worldwide, followed by “HTTP Headers Remote Code Execution”, affecting 43% of organizations worldwide, and “MVPower DVR Remote Code Execution” with a global impact of 40%.
- ↑ Apache Log4j Remote Code Execution (CVE-2021-44228) – A remote code execution vulnerability in Apache Log4j. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
- ↑ HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) – HTTP headers allow the client and server to pass additional information with an HTTP request. A remote attacker can use a vulnerable HTTP header to execute arbitrary code on the victim's computer.
- ↑ MVPower DVR Remote Code Execution – A remote code execution vulnerability in MVPower DVR devices. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected router via a crafted request.
Top Mobile Malware
Last month, AhMyth rose to the top spot as the most prevalent mobile malware, followed by Anubis and Hiddad.
- AhMyth - AhMyth is a Remote Access Trojan (RAT) discovered in 2017. It is distributed via Android apps that can be found in app stores and on various websites. When a user installs one of these infected apps, the malware can collect sensitive information from the device and perform actions such as keylogging, taking screenshots, sending SMS messages and activating the camera.
- Anubis - Anubis is a banking Trojan designed for Android mobile phones. Since it was first identified, it has acquired additional functions such as Remote Access Trojan (RAT) functionality, a keylogger, audio recording capabilities and various ransomware features. It has been spotted in hundreds of different apps available on the Google Store.
- Hiddad - Hiddad is an Android malware that repackages legitimate apps and then releases them on a third-party store. Its main function is to display advertisements, but it can also access key security details built into the operating system.
Top 5 of Greece
Qbot | Qbot AKA Qakbot is a banking Trojan that first appeared in 2008. It was designed to steal a user's banking credentials and keystrokes. Often distributed via spam email, Qbot uses various anti-VM, anti-debugging and anti-sandbox techniques to prevent analysis and avoid detection. | 10.30% | 16.35% |
Formbook | FormBook is an infostealer that targets the Windows operating system and was first detected in 2016. It is marketed as Malware as a Service (MaaS) on underground hacking forums for its powerful evasion techniques and relatively low price. FormBook collects credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to commands from its C&C. | 3.90% | 11.80% |
Emotet | Emotet is an advanced, self-propagating and modular Trojan that was once used as a banking Trojan and currently distributes other malware or malicious campaigns. Emotet uses multiple methods to maintain persistence and evasion techniques to avoid detection, and can spread through spam emails containing malicious attachments or links. | 3.90% | 9.12% |
AgentTesla | AgentTesla is an advanced RAT that functions as a keylogger and password stealer and has been active since 2014. AgentTesla can monitor and collect the victim's keyboard input and system clipboard, and can capture screenshots and extract credentials for a variety of software installed on the victim's machine (including Google Chrome, Mozilla Firefox, and Microsoft Outlook email client). AgentTesla is sold on various online marketplaces and hacking forums. | 3.70% | 8.31% |
GuLoader | GuLoader is a downloader that has been widely used since December 2019. When it first appeared, GuLoader was used to download Parallax RAT, but it has been applied to other remote access trojans and information stealers such as Netwire, FormBook and Agent Tesla. | 3.10% | 7.24% |
Check Point's Global Threat Impact Index and its ThreatCloud Map are powered by Check Point's ThreatCloud intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, across networks, endpoints and mobile phones. The intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the intelligence and research arm of Check Point Software Technologies.
The full list of the top ten malware families for March can be found on the Check Point blog.
Risk Ranking | Country Name | Normalized risk index | Rank last month | Rank Change | |
1 | Mongolia | 100.0 | 1 | 0 | |
2 | Ethiopia | 95.3 | 2 | 0 | |
3 | Nepal | 86.8 | 3 | 0 | |
4 | Georgia | 78.2 | 5 | 1 | |
5 | Vietnam | 74.6 | 4 | -1 | |
6 | Taiwan, Province of China | 69.0 | 6 | 0 | |
7 | Indonesia | 68.4 | 7 | 0 | |
8 | Colombia | 63.4 | 9 | 1 | |
9 | Kenya | 63.4 | 8 | -1 | |
10 | Zambia | 59.8 | 18 | 8 | |
11 | Philippines | 59.2 | 11 | 0 | |
12 | Chile | 57.5 | 41 | 29 | |
13 | Thailand | 57.0 | 13 | 0 | |
14 | Turkey | 56.8 | 16 | 2 | |
15 | Argentina | 56.8 | 14 | -1 | |
16 | Kuwait | 55.6 | 12 | -4 | |
17 | Macau | 54.5 | 42 | 25 | |
18 | Kazakhstan | 54.4 | 25 | 7 | |
19 | Uganda | 54.1 | 31 | 12 | |
20 | Venezuela, Bolivarian Republic of | 53.7 | N/A | N/A | |
21 | India | 52.9 | 19 | -2 | |
22 | Nigeria | 52.9 | 15 | -7 | |
23 | Myanmar | 52.9 | 23 | 0 | |
24 | Ecuador | 51.9 | 20 | -4 | |
25 | Czech Republic | 51.8 | 24 | -1 | |
26 | China | 51.7 | 27 | 1 | |
27 | Peru | 51.5 | 21 | -6 | |
28 | Russian Federation | 49.0 | 28 | 0 | |
29 | Bosnia and Herzegovina | 48.7 | 17 | -12 | |
30 | Bolivia, Plurinational State of | 48.4 | 36 | 6 | |
31 | Mexico | 47.8 | 26 | -5 | |
32 | Angola | 47.7 | 22 | -10 | |
33 | Guatemala | 47.4 | 34 | 1 | |
34 | Serbia | 46.9 | 35 | 1 | |
35 | Brazil | 46.4 | 32 | -3 | |
36 | Denmark | 46.1 | 50 | 14 | |
37 | United Arab Emirates | 45.2 | 33 | -4 | |
38 | Singapore | 45.1 | 37 | -1 | |
39 | Macedonia, the former Yugoslav Republic of | 44.9 | 38 | -1 | |
40 | Uruguay | 44.8 | 29 | -11 | |
41 | New Zealand | 44.2 | 53 | 12 | |
42 | Cambodia | 44.0 | 40 | -2 | |
43 | Israel | 43.3 | 45 | 2 | |
44 | Spain | 43.2 | 48 | 4 | |
45 | South Africa | 43.2 | 39 | -6 | |
46 | Italy | 43.1 | 43 | -3 | |
47 | Morocco | 42.7 | 46 | -1 | |
48 | Namibia | 42.5 | 57 | 9 | |
49 | Jamaica | 42.4 | 51 | 2 | |
50 | South Korea | 42.3 | 61 | 11 | |
51 | Austria | 42.1 | 52 | 1 | |
52 | Malaysia | 41.8 | 47 | -5 | |
53 | Slovenia | 41.7 | 56 | 3 | |
54 | Sweden | 41.3 | 62 | 8 | |
55 | Belarus | 41.3 | 44 | -11 | |
56 | Dominican Republic | 41.3 | 55 | -1 | |
57 | Ireland | 40.6 | 49 | -8 | |
58 | Japan | 40.6 | 63 | 5 | |
59 | United Kingdom | 40.1 | 69 | 10 | |
60 | Finland | 40.0 | 71 | 11 | |
61 | Uzbekistan | 39.6 | 75 | 14 | |
62 | Portugal | 39.4 | 70 | 8 | |
63 | United States | 39.3 | 68 | 5 | |
64 | Saudi Arabia | 39.3 | 54 | -10 | |
65 | Australia | 39.2 | 72 | 7 | |
66 | Poland | 39.2 | 65 | -1 | |
67 | Trinidad and Tobago | 39.2 | 59 | -8 | |
68 | Honduras | 39.2 | 74 | 6 | |
69 | Estonia | 38.8 | 76 | 7 | |
70 | Germany | 38.7 | 66 | -4 | |
71 | Nicaragua | 38.3 | 60 | -11 | |
72 | Norway | 38.2 | 79 | 7 | |
73 | Slovakia | 38.2 | 73 | 0 | |
74 | Switzerland | 37.6 | 67 | -7 | |
75 | El Salvador | 37.6 | 58 | -17 | |
76 | Hong Kong | 36.8 | 78 | 2 | |
77 | Netherlands | 36.7 | 77 | 0 | |
78 | Belgium | 36.7 | 64 | -14 | |
79 | Canada | 36.6 | 80 | 1 | |
80 | Hungary | 36.1 | 89 | 9 | |
81 | Greece | 35.9 | 82 | 1 | |
82 | France | 34.7 | 81 | -1 | |
83 | Ukraine | 34.7 | 99 | 16 | |
84 | Ivory Coast | 34.6 | 96 | 12 | |
85 | Ghana | 34.3 | 86 | 1 | |
86 | Panama | 33.6 | 91 | 5 | |
87 | Bulgaria | 33.3 | 83 | -4 | |
88 | Lithuania | 33.3 | 95 | 7 | |
89 | Qatar | 33.1 | 84 | -5 | |
90 | Montenegro | 32.8 | 100 | 10 | |
91 | Luxembourg | 32.7 | 85 | -6 | |
92 | Paraguay | 32.7 | 93 | 1 | |
93 | Romania | 32.4 | 88 | -5 | |
94 | Cyprus | 32.4 | 90 | -4 | |
95 | Latvia | 32.2 | 97 | 2 | |
96 | Bahrain | 32.2 | 100 | 4 | |
97 | Croatia | 32.0 | 94 | -3 | |
98 | Sri Lanka | 30.4 | 92 | -6 | |
99 | Costa Rica | 29.1 | 98 | -1 | |
100 | Mozambique | 28.4 | 87 | -13 | |
101 | Malta | 24.4 | 100 | 0 | |
102 | Egypt | 14.8 | 100 | 0 |
