The top malware of March 2023

Check Point Research reports that the Emotet Trojan launched a new campaign last month to circumvent Microsoft's macro ban, sending spam emails that carry malicious OneNote files. Meanwhile, AhMyth was the most widespread mobile malware, and Log4j once again took the top spot as the most frequently exploited vulnerability.


Check Point Software Technologies Ltd., a provider of cybersecurity solutions worldwide, has published its Global Threat Index for March 2023. Last month, researchers uncovered a new malicious campaign by the Emotet Trojan, which rose to become the second most widespread malware.

As reported earlier this year, the operators behind Emotet have been exploring alternative ways to distribute malicious files since Microsoft announced that it would block macros in Office files. In this latest campaign, the attackers adopted a new strategy: spam messages carrying a malicious OneNote file.

Once the file is opened, a bogus message appears that tricks the victim into clicking on the document, which then downloads the Emotet infection.

Once installed, the malware can harvest the user's email data, such as login credentials and contact information. The attackers then use the collected information to extend the reach of the campaign and to facilitate future attacks.
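A defender-side illustration of the attachment filtering that this campaign calls for, added here as an example and not part of the Check Point release or of this article: it parses a mail message with Python's standard `email` library and flags OneNote attachments both by the `.one` extension and by the file-type GUID that opens a `.one` file (the guidFileType header from Microsoft's MS-ONESTORE specification; treat the constant as an assumption to verify against your own samples). The message and the attachment bytes are constructed inline, and the magic-bytes check catches the edge case of a OneNote file renamed to another extension.

```python
import email
from email import policy
from email.message import EmailMessage

# First 16 bytes of a OneNote .one file: the guidFileType header
# {7B5C52E4-D88C-4DA7-AEB1-5378D02996D3} in little-endian GUID byte order
# (taken from MS-ONESTORE; assumption to verify against real samples).
ONE_MAGIC = bytes.fromhex("E4525C7B8CD8A74DAEB15378D02996D3")


def build_sample(filename: str, payload: bytes, subject: str = "Invoice") -> bytes:
    """Construct a sample message with one attachment (test data, not a real campaign email)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Please open the attached document.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def find_onenote_attachments(raw: bytes) -> list:
    """Return (filename, reasons) for every attachment that looks like a OneNote file."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        reasons = []
        if name.endswith(".one"):
            reasons.append("onenote-extension")   # declared as a OneNote file
        if data.startswith(ONE_MAGIC):
            reasons.append("onenote-magic")       # content is a OneNote file, whatever the name
        if reasons:
            findings.append((name, reasons))
    return findings


def should_quarantine(raw: bytes) -> bool:
    """Gateway decision: hold any message carrying a OneNote attachment for review."""
    return bool(find_onenote_attachments(raw))


if __name__ == "__main__":
    for fname, blob in [("invoice.one", ONE_MAGIC + b"\x00" * 32),
                        ("report.docx", ONE_MAGIC + b"\x00" * 32),
                        ("notes.txt", b"plain text")]:
        print(fname, find_onenote_attachments(build_sample(fname, blob)))
```

The two checks are deliberately independent: an extension-only rule is trivially bypassed by renaming, while a magic-only rule misses a `.one` that has been corrupted or truncated in transit, so a finding on either is enough to quarantine.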

“While major tech companies are doing everything they can to cut off cybercriminals as early as possible, it is nearly impossible to stop every attack that bypasses security measures. We know that Emotet is a sophisticated Trojan, and it is no surprise that it managed to navigate Microsoft's most recent defenses. The most important thing people can do is make sure they have implemented appropriate email security, avoid downloading unexpected files, and adopt a healthy skepticism about the origin of an email and its content,” stated Maya Horowitz, VP Research at Check Point Software.

CPR also revealed that “Apache Log4j Remote Code Execution” was the most exploited vulnerability, affecting 44% of organizations worldwide, followed by “HTTP Headers Remote Code Execution”, affecting 43% of organizations worldwide, and “MVPower DVR Remote Code Execution”, with a global impact of 40%.

Top malware families

* The arrows refer to the change of the ranking in relation to the previous month.

Qbot was the most prevalent malware last month, impacting over 10% of organizations worldwide, followed by Emotet and FormBook, each with a 4% global impact.

  1. ↔ Qbot - Qbot, AKA Qakbot, is a banking Trojan that first appeared in 2008. It is designed to steal a user's banking credentials and keystrokes and is often distributed through spam messages. Qbot uses various anti-VM, anti-debugging and anti-sandbox techniques to hinder analysis and evade detection.
  2. ↑ Emotet - Emotet is an advanced, self-propagating, modular Trojan. Emotet was once used as a banking Trojan, but recently it has been used as a distributor of other malware or malicious campaigns. It uses multiple methods to maintain persistence, and evasion techniques to avoid detection. In addition, it can spread through spam emails containing malicious attachments or links.
  3. ↓ FormBook - FormBook is an info stealer that targets the Windows operating system and was first identified in 2016. It is marketed as Malware-as-a-Service (MaaS) on underground hacking forums for its powerful evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files as instructed by its C&C.

The Most Attacked Industries Worldwide

Last month, Education/Research remained the most attacked industry globally, followed by the Government/Military sector and then Healthcare.

  1. Education / Research
  2. Government / Military
  3. Healthcare

The TOP Exploited Vulnerabilities

Last month, “Apache Log4j Remote Code Execution” was the most commonly exploited vulnerability, affecting 44% of organizations worldwide, followed by “HTTP Headers Remote Code Execution”, affecting 43% of organizations worldwide, and “MVPower DVR Remote Code Execution”, with a global impact of 40%.

  1. ↑ Apache Log4j Remote Code Execution (CVE-2021-44228) – A remote code execution vulnerability in Apache Log4j. Successful exploitation could allow a remote attacker to execute arbitrary code on the affected system.
  2. ↑ HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) – HTTP headers let the client and server pass additional information with an HTTP request. A remote attacker can use a vulnerable HTTP header to execute arbitrary code on the victim machine.
  3. ↑ MVPower DVR Remote Code Execution - A remote code execution vulnerability in MVPower DVR devices. A remote attacker could exploit it to execute arbitrary code on the affected router via a crafted request.

Top Mobile Malwares

Last month, AhMyth rose to the top spot as the most prevalent mobile malware, followed by Anubis and Hiddad.

  1. AhMyth - AhMyth is a remote access Trojan (RAT) discovered in 2017. It is distributed via Android apps that can be found in app stores and on various websites. When a user installs one of these infected apps, the malware can collect sensitive information from the device and perform actions such as keylogging, taking screenshots, sending SMS messages and activating the camera.
  2. Anubis - Anubis is a banking Trojan designed for Android phones. Since it was first identified, it has gained additional functions including Remote Access Trojan (RAT) capabilities, a keylogger, audio recording and various ransomware features. It has been spotted in hundreds of different apps available on the Google Store.
  3. Hiddad - Hiddad is Android malware that repackages legitimate apps and then releases them on a third-party store. Its main function is to display advertisements, but it can also gain access to key security details built into the operating system.

Top 5 in Greece

Qbot (global impact 10.30%, impact in Greece 16.35%)

Qbot, AKA Qakbot, is a banking Trojan that first appeared in 2008. It was designed to steal a user's banking credentials and keystrokes. Often distributed via spam email, Qbot uses various anti-VM, anti-debugging and anti-sandbox techniques to prevent analysis and avoid detection.

FormBook (global impact 3.90%, impact in Greece 11.80%)

FormBook is an infostealer that targets the Windows operating system and was first detected in 2016. It is marketed as Malware-as-a-Service (MaaS) on underground hacking forums for its powerful evasion techniques and relatively low price. FormBook collects credentials from various web browsers, takes screenshots, monitors and logs keystrokes, and can download and execute files according to commands from its C&C.

Emotet (global impact 3.90%, impact in Greece 9.12%)

Emotet is an advanced, self-propagating and modular Trojan that was once used as a banking Trojan and currently distributes other malware or malicious campaigns. Emotet uses multiple methods to maintain persistence, and evasion techniques to avoid detection, and can spread through spam emails containing malicious attachments or links.

AgentTesla (global impact 3.70%, impact in Greece 8.31%)

AgentTesla is an advanced RAT that functions as a keylogger and credential stealer and has been active since 2014. AgentTesla can monitor and collect the victim's keyboard input and system clipboard, capture screenshots, and extract credentials for a variety of software installed on the victim's machine (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client). AgentTesla is sold on various online marketplaces and hacking forums.

GuLoader (global impact 3.10%, impact in Greece 7.24%)

GuLoader is a downloader that has been widely used since December 2019. When it first appeared, GuLoader was used to download Parallax RAT, but it has since been applied to other remote access Trojans and information stealers such as NetWire, FormBook and Agent Tesla.

Check Point's Global Threat Impact Index and ThreatCloud Map are powered by Check Point's ThreatCloud intelligence. ThreatCloud provides real-time threat intelligence from hundreds of millions of sensors worldwide, across networks, endpoints and mobile devices. It is enriched with engines and with exclusive research data from Check Point Research, the intelligence and research arm of Check Point Software Technologies.

The full list of the top ten malware families for the month of March can be found on Check Point's blog.

Risk Ranking | Country Name | Normalized risk index | Rank last month | Rank Change
1 Mongolia 100.0 1 0  
2 Ethiopia 95.3 2 0  
3 Nepal 86.8 3 0  
4 Georgia 78.2 5 1  
5 Vietnam 74.6 4 -1  
6 Taiwan, Province of China 69.0 6 0  
7 Indonesia 68.4 7 0  
8 Colombia 63.4 9 1  
9 Kenya 63.4 8 -1  
10 Zambia 59.8 18 8  
11 Philippines 59.2 11 0  
12 Chile 57.5 41 29  
13 Thailand 57.0 13 0  
14 Turkey 56.8 16 2  
15 Argentina 56.8 14 -1  
16 Kuwait 55.6 12 -4  
17 Macau 54.5 42 25  
18 Kazakhstan 54.4 25 7  
19 Uganda 54.1 31 12  
20 Venezuela, Bolivarian Republic of 53.7 #AT #AT  
21 India 52.9 19 -2  
22 Nigeria 52.9 15 -7  
23 Myanmar 52.9 23 0  
24 Ecuador 51.9 20 -4  
25 Czech Republic 51.8 24 -1  
26 China 51.7 27 1  
27 Peru 51.5 21 -6  
28 Russian Federation 49.0 28 0  
29 Bosnia and Herzegovina 48.7 17 -12  
30 Bolivia, Plurinational State of 48.4 36 6  
31 Mexico 47.8 26 -5  
32 Angola 47.7 22 -10  
33 Guatemala 47.4 34 1  
34 Serbia 46.9 35 1  
35 Brazil 46.4 32 -3  
36 Denmark 46.1 50 14  
37 United Arab Emirates 45.2 33 -4  
38 Singapore 45.1 37 -1  
39 Macedonia, the former Yugoslav Republic of 44.9 38 -1  
40 Uruguay 44.8 29 -11  
41 New Zealand 44.2 53 12  
42 Cambodia 44.0 40 -2  
43 Israel 43.3 45 2  
44 Spain 43.2 48 4  
45 South Africa 43.2 39 -6  
46 Italy 43.1 43 -3  
47 Morocco 42.7 46 -1
48 Namibia 42.5 57 9  
49 Jamaica 42.4 51 2  
50 South Korea 42.3 61 11  
51 Austria 42.1 52 1  
52 41.8 47 -5  
53 Slovenia 41.7 56 3  
54 Sweden 41.3 62 8  
55 Belarus 41.3 44 -11  
56 Dominican Republic 41.3 55 -1  
57 Ireland 40.6 49 -8
58 Japan 40.6 63 5  
59 United Kingdom 40.1 69 10  
60 Finland 40.0 71 11  
61 Uzbekistan 39.6 75 14  
62 Portugal 39.4 70 8  
63 United States 39.3 68 5  
64 Saudi Arabia 39.3 54 -10  
65 Australia 39.2 72 7  
66 Poland 39.2 65 -1
67 Trinidad and Tobago 39.2 59 -8  
68 Honduras 39.2 74 6  
69 Estonia 38.8 76 7  
70 Germany 38.7 66 -4  
71 Nicaragua 38.3 60 -11  
72 Norway 38.2 79 7
73 Slovakia 38.2 73 0  
74 Switzerland 37.6 67 -7  
75 El Salvador 37.6 58 -17  
76 Hong Kong 36.8 78 2  
77 Netherlands 36.7 77 0  
78 Belgium 36.7 64 -14  
79 Canada 36.6 80 1  
80 Hungary 36.1 89 9  
81 Greece 35.9 82 1  
82 France 34.7 81 -1  
83 Ukraine 34.7 99 16  
84 Ivory Coast 34.6 96 12  
85 Ghana 34.3 86 1  
86 Panama 33.6 91 5  
87 Bulgaria 33.3 83 -4  
88 Lithuania 33.3 95 7
89 Qatar 33.1 84 -5  
90 Montenegro 32.8 100 10  
91 Luxembourg 32.7 85 -6  
92 Paraguay 32.7 93 1  
93 Romania 32.4 88 -5  
94 Cyprus 32.4 90 -4  
95 Latvia 32.2 97 2
96 Bahrain 32.2 100 4  
97 Croatia 32.0 94 -3  
98 Sri Lanka 30.4 92 -6  
99 Costa Rica 29.1 98 -1  
100 Mozambique 28.4 87 -13  
101 Malta 24.4 100 0  
102 Egypt 14.8 100 0  


Written by newsbot
