The most widespread malware for January 2023

Check Point Software Technologies Ltd., a leading global provider of cybersecurity solutions, has released its Global Threat Index for January 2023.

Last month the Vidar infostealer returned to the top ten list, in seventh place, following an increase in brandjacking cases; researchers also observed a major malicious phishing campaign in the Middle East and North Africa that delivered the njRAT software.


In January, the Vidar infostealer spread via fake domains claiming to be related to remote desktop software company AnyDesk. The malware used URL jacking for various popular applications to redirect users to a single IP address that claimed to be AnyDesk's official website.

Once downloaded, the malware posed as a legitimate installer to steal sensitive information such as login credentials, passwords, cryptocurrency wallet data, and banking information.
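As an added defensive illustration (not code from the article or from Check Point), the following Python scanner flags DNS lookups for domains that reuse or closely resemble a protected brand token, such as the fake AnyDesk domains described above. The log lines, the brand allowlist and the edit-distance threshold are constructed assumptions.

```python
import re

# Constructed sample DNS query log lines (not from the article).
DNS_LOG = """\
2023-01-12T09:14:03Z client=10.0.4.21 query=www.anydesk.com type=A
2023-01-12T09:15:41Z client=10.0.4.21 query=anydesk-download.com type=A
2023-01-12T09:16:02Z client=10.0.7.9 query=anydeks.com type=A
2023-01-12T09:17:30Z client=10.0.7.9 query=updates.microsoft.com type=A
2023-01-12T09:18:11Z client=10.0.2.5 query=anydesk.net type=A
"""
# Brand token -> registrable domains that legitimately carry it (assumed allowlist).
BRANDS = {"anydesk": {"anydesk.com"}}
LOG_RE = re.compile(r"client=(?P<client>\S+) query=(?P<query>\S+)")

def levenshtein(a, b):
    """Edit distance via the classic two-row dynamic programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(fqdn):
    """Naive registrable domain: last two labels (assumes a one-label public suffix)."""
    return ".".join(fqdn.lower().rstrip(".").split(".")[-2:])

def lookalike_brand(fqdn, brands=BRANDS, max_dist=2):
    """Return the brand a domain impersonates, or None if it is legitimate/unrelated."""
    reg = registrable(fqdn)
    label = reg.split(".")[0]
    for brand, legit in brands.items():
        if reg in legit:
            return None  # the genuine site
        if brand in label or levenshtein(label, brand) <= max_dist:
            return brand  # brand token reused under another name/TLD, or a near-typo
    return None

def scan_dns_log(log, brands=BRANDS):
    """Return (client, queried domain, impersonated brand) for each suspicious lookup."""
    hits = []
    for line in log.splitlines():
        m = LOG_RE.search(line)
        brand = lookalike_brand(m["query"], brands) if m else None
        if brand:
            hits.append((m["client"], m["query"], brand))
    return hits
```

The substring rule will over-match for very short brand tokens, so tune `BRANDS` and `max_dist` to your own environment.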

The researchers also identified a large campaign called Earth Bogle, which was spreading the njRAT malware to targets across the Middle East and North Africa. Attackers used phishing emails with geopolitical themes, urging users to open malicious attachments. Once the Trojan is downloaded and opened, it can infect devices, allowing attackers to carry out numerous intrusive activities to steal sensitive information. njRAT was found in tenth place on the top malware list after dropping off it in September 2022.

“Once again, we're seeing malware groups use trusted brands to spread viruses, with the goal of stealing personally identifiable information. I can't stress enough how important it is for people to pay attention to the links they click to ensure they are legitimate URLs. Look out for the security lock, which indicates an up-to-date SSL certificate, and look out for any hidden typos that might indicate the site is malicious,” said Maya Horowitz, VP Research at Check Point Software.

CPR also revealed that “Web Server Exposed Git Repository Information Disclosure” remained the most exploited vulnerability last month, affecting 46% of organizations worldwide, followed by “HTTP Headers Remote Code Execution” with 42% of organizations worldwide. “MVPower DVR Remote Code Execution” came in third with a global impact of 39%.

TOP malware families

* The arrows refer to the change of the ranking in relation to the previous month.

Qbot and Lokibot were the most prevalent malware last month, each with an impact of over 6% on global organizations, followed by AgentTesla with a global impact of 5%.

  1. Qbot – Qbot AKA Qakbot is a banking Trojan that first appeared in 2008. It was designed to steal banking information and a user's keystrokes. It is often distributed via spam email. Qbot uses various anti-VM, anti-debugging and anti-sandbox techniques to block analysis and avoid detection.
  2. Lokibot – LokiBot is a commodity infostealer with versions for both Windows and Android OS that was first detected in February 2016. It collects credentials from various applications, web browsers, email programs, IT management tools like PuTTY and others. LokiBot is sold on hacking forums and its source code is believed to have been leaked, allowing numerous variants to emerge. As of late 2017, some versions of LokiBot for Android include ransomware functionality in addition to information-stealing capabilities.
  3. AgentTesla – AgentTesla is an advanced RAT that functions as a keylogger and information stealer. It is capable of monitoring and collecting the victim's keyboard input and the system's …, taking screenshots, and extracting credentials from various software installed on the victim's machine (including Google Chrome, Mozilla Firefox and the Outlook email client).

TOP attacked Industries globally

Last month, education/research remained the industry with the most attacks globally, followed by the government/military sector and then healthcare.

  1. Education / Research
  2. Government / Military
  3. Healthcare

TOP Exploited Vulnerabilities

Last month, “Web Server Exposed Git Repository Information Disclosure” was the most exploited vulnerability, affecting 46% of organizations worldwide, followed by “HTTP Headers Remote Code Execution” with 42% of organizations worldwide. “MVPower DVR Remote Code Execution” came in third place with a global impact of 39%.

  1. Web Server Exposed Git Repository Information Disclosure – An information disclosure vulnerability has been reported in Git repositories exposed by web servers. Successful exploitation of this vulnerability could allow unintentional disclosure of account information.
  2. HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) – HTTP headers allow the client and server to pass additional information with an HTTP request. A remote attacker can use a vulnerable HTTP header to execute arbitrary code on the victim's machine.
  3. MVPower DVR Remote Code Execution – A remote code execution vulnerability exists in MVPower DVR devices. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected router via a crafted request.
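An added example (not the article's or Check Point's code) showing how a defender can spot exposed-Git-repository probing in web server access logs and distinguish a blocked probe from an actual disclosure (a 2xx answer for a `.git` path means the repository is being served). The log lines are constructed.

```python
import re
from collections import Counter

# Constructed sample web server access log lines in combined format (not from the article).
ACCESS_LOG = """\
203.0.113.7 - - [14/Jan/2023:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Jan/2023:10:01:05 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "python-requests/2.28"
203.0.113.7 - - [14/Jan/2023:10:01:06 +0000] "GET /.git/config HTTP/1.1" 200 310 "-" "python-requests/2.28"
198.51.100.4 - - [14/Jan/2023:10:02:11 +0000] "GET /app/.git/index HTTP/1.1" 403 199 "-" "curl/7.85"
198.51.100.4 - - [14/Jan/2023:10:02:12 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "curl/7.85"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# Any path component named exactly ".git" (so ".gitignore" is not matched).
GIT_RE = re.compile(r"(^|/)\.git(/|$)")

def parse(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def find_git_probes(log):
    """Return (ip, path, status) for every request that touches a .git directory."""
    hits = []
    for line in log.splitlines():
        rec = parse(line)
        if rec and GIT_RE.search(rec["path"].split("?", 1)[0]):
            hits.append((rec["ip"], rec["path"], int(rec["status"])))
    return hits

def summarize(hits):
    """Per source IP: probes that were served (2xx, i.e. the repository is exposed) vs blocked."""
    served = Counter(ip for ip, _, status in hits if 200 <= status < 300)
    blocked = Counter(ip for ip, _, status in hits if status >= 400)
    return {"served": dict(served), "blocked": dict(blocked)}
```

Any entry under `served` means the web server must be configured to deny requests for `.git` paths (or the directory removed from the document root) before the repository contents are mirrored.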

TOP Mobile Malware

Last month, Anubis remained the most prevalent mobile malware, followed by Hiddad and AhMyth.

  1. Anubis – Anubis is a malicious banking Trojan designed for Android mobile phones. Since it was first detected, it has acquired additional features such as Remote Access Trojan (RAT) functionality, keylogger, audio recording capabilities and various ransomware features. It has been spotted in hundreds of different apps available in the Google Store.
  2. Hiddad – Hiddad is an Android malware that repackages legitimate apps and then releases them on a third-party store. Its main function is to display advertisements, but it can also access key security details built into the operating system.
  3. AhMyth – AhMyth is a Remote Access Trojan (RAT) discovered in 2017. It is distributed through Android apps that can be found in app stores and various websites. When a user installs one of these infected apps, the malware can collect sensitive information from the device and perform actions such as keylogging, taking screenshots, sending SMS messages, and activating the camera, which is typically used to steal sensitive information.

TOP malware families in Greece

| Malware family | Global impact | Greece impact |
| --- | --- | --- |
| Qbot | 6.50% | 10.89% |
| Formbook | 3.96% | 8.38% |
| Emotet | 3.44% | 5.03% |
| Lokibot | 5.50% | 5.03% |
| AgentTesla | 4.69% | 4.19% |
| GuLoader | 2.04% | 4.19% |
| Nanocore | 1.65% | 2.79% |
| XMRig | 3.46% | 2.51% |
| Cerbu | 1.11% | 2.23% |
| Esfury | 0.91% | 2.23% |
| Pony | 0.56% | 2.23% |

Check Point Software's Global Threat Impact Index and ThreatCloud Map are based on ThreatCloud, the company's threat intelligence platform, which provides real-time threat intelligence from hundreds of millions of sensors worldwide, across networks, endpoints and mobile devices. ThreatCloud intelligence is enriched with AI-driven data and exclusive research from the Intelligence & Research division of Check Point Software Technologies.

The full list of the top 10 malware families for January 2023 is available on the Check Point blog.

Written by newsbot
