October 2022 Most common malware

Η Check Point Research reports a significant increase in attacks Lokibot in October, putting him in third place for the first time in five months. New Vulnerability, Text4Shell, was revealed for the first time and the agent Tesla ranked first as the most widespread malware..

malware death


Η Check Point® Software Technologies Ltd. provider of global cybersecurity solutions, has published its Global Threat Index for October 2022. This month, the AgentTesla keylogger took the top spot as the most prevalent malware, affecting 7% of organizations worldwide. There was a significant increase in the number of attacks by the infostealer Lokibot, which reached third place for the first time in five months. A new vulnerability, Text4Shell, affecting the Apache Commons Text domain was also disclosed.

The Lokibot it is one commodity infostealer which is designed to collect credentials from a variety of applications, including: web browsers, email programs, and IT management tools. As trojan, its goal is to sneak, undetected, into a system disguised as a legitimate program. It can be distributed via email messages Phishing, malicious websites, SMS and other messaging platforms. This increase in popularity can be explained by the increase in campaigns spam regarding online enquiries, orders and payment confirmation messages.

 A new critical vulnerability was also disclosed in October, the Text4Shell, (CVE-2022-42889). Based in his field Apache Commons Text, this allows attacks over a network, without requiring specific privileges or user interaction. The Text4shell it reminds of vulnerability Log4Shell, which a year later is still one of the top threats, ranking second on October's list. Although the Text4Shell didn't make the list of top exploited vulnerabilities this month, it has already affected over 8% of organizations worldwide and Check Point will continue to monitor its impact.  

“We saw a lot of changes in the rankings this month, with a new set of malware families making up the top three. It is interesting that the Lokibot moved back up to third so quickly, which shows a growing trend towards attacks Phishing. As we head into November, which is a busy shopping period, it's important that people remain vigilant and watch out for suspicious emails that could carry malicious code. Look out for signs like the unknown sender, the request for personal information and links. If in doubt, visit the websites directly and find appropriate contact information from verified sources and ensure you have anti-malware installed," said Maya Horowitz, vice president of research Check Point Software.

CPR also revealed that “Web Server Exposed Git Repository Information Disclosure” is the most commonly exploited vulnerability, affecting 43% of organizations worldwide, closely followed by “Apache Log4j Remote Code Execution”, with an impact of 41%. In October education/research also remained in first place as the most attacked sector globally.

The Excellent malware families

* The arrows refer to the change of the ranking in relation to the previous month.

The agent Tesla was the most prevalent malware this month affecting 7% of organizations worldwide, followed by SnakeKeylogger which affects 5% and the Lokibot with an impact of 4%.

  1. agent Tesla -The agent Tesla is an advanced one RAT that works as keylogger and information thief. It is capable of monitoring and collecting the victim's keyboard input, system keyboard, taking screenshots and extracting credentials to various software installed on the victim's machine (including Google Chrome, Mozilla Firefox in the upcoming years, while Microsoft Outlook).
  2. SnakeKeylogger- The SnakeKeylogger is a modular .NET keylogger and credential stealer first detected in November 2020. Its main function is to record user keystrokes and forward the collected data to threat actors. It is a major threat to a user's online security as this malware can intercept all kinds of sensitive information and is highly deficient.
  3. Lokibot- The Lokibot is a spyware that is distributed primarily through phishing emails and is used to steal various data, such as e-mail credentials, as well as passwords to cryptocurrency wallets and servers. FTP.

The top industries under attack worldwide

In October, the Education/Research sector remained in first place as the most attacked sector worldwide, followed by the Government/Military sector and Healthcare.

1. Education/Research

2. Government / Army

3. Health

Top exploiting vulnerabilities

This month, the “Web Server & Hosting Exposed Go Repository Information Disclosure” remains the most commonly exploited vulnerability, affecting 43% of organizations worldwide. Followed by “Apache Log4j Remote -- Execution” which remains in second place with an impact of 41% and “HTTP Headers Remote -- Execution” which ranks third with a global impact of 39%.

  1. Web Server & Hosting Exposed Go Repository Information Disclosure - An information disclosure vulnerability was reported in the Go Repository. Successfully exploiting this vulnerability could allow unintentional disclosure of account information.
  2. Apache Log4j Remote -- Execution (CVE-2021-44228) - A remote code execution vulnerability exists in Apache Log4j. Successfully exploiting this vulnerability could allow a remote intruder to execute arbitrary code on the affected system.
  3. HTTP Headers Remote -- Execution (CVE-2020-10826,CVE-2020-10827,CVE-2020-10828,CVE-2020-13756) - The HTTP headers allows the client and server to pass additional information with a request HTTP. A remote intruder can use a vulnerable header HTTP to execute arbitrary code on the victim's machine.

Top Malicious Mobile Apps

This month, the Anubis retained the top spot as the most prevalent mobile malware, followed by Hydra and the Joker.

  1. Anubis - The Anubis it is a malicious bank Trojan which is designed for mobile phones Android. Since it was first identified, it has acquired additional functions such as functions Remote Access Trojan (RAT), capabilities keylogger and audio recording, as well as various functions ransomware. It has been spotted in hundreds of different apps available on the Google Store.
  2. Hydra - The Hydra is a banking Trojan which is designed to steal funding credentials by asking victims to enable risky permissions.
  3. Joker - The Joker it is a spyware Android on Google Play, designed to steal messages SMS, contact lists and device information. The malware can also sign up the victim for paid services premium without his consent or knowledge.

Greece Top Malware


Global Impact

Country Impact







agent Tesla



























The Global Threat Impact Index in the upcoming years, while ThreatCloud Map of Check Point Software, based on ThreatCloud intelligence of the company, which provides real-time threat intelligence from hundreds of millions of sensors worldwide, across networks, endpoints and mobile phones. The ThreatCloud intelligence enriched with data based on AI and exclusively research data from Check Point Research, the Department Intelligence & Research of Check Point Software Technologies.

The full list of the top 10 malware families in October 2022 is at blog of Check Point.

iGuRu.gr The Best Technology Site in Greecefgns

malware, what is malware?

Written by newsbot

Although the press releases will be from very select to rarely, I said to go ... because sometimes the authors are hiding.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).