The most widespread malware for March 2021

Check Point Research, the research arm of Check Point Software Technologies Ltd., has published its Global Threat Index for March 2021.

The researchers report that the Trickbot trojan has taken first place in the index, up from third place in January. They also report that the banking trojan IcedID entered the index for the first time, in second place, while the long-established Dridex trojan was the most common malware during March, up from seventh in February.

IcedID first appeared in 2017 and spread rapidly in March through various spam campaigns, affecting 11% of organisations worldwide. A widespread campaign used a COVID-19 theme to entice new victims into opening malicious email attachments. The majority of these attachments are Microsoft Word documents with a malicious macro that downloads an IcedID installer. Once installed, the trojan attempts to steal account information, payment credentials and other sensitive data from users' computers. IcedID also relies on other malware to propagate and has been used as the initial infection stage in ransomware attacks.

"IcedID has been around for a few years, but it has recently been used widely, showing that cybercriminals continue to adapt their techniques against organisations, using the pandemic as a pretext," said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point. "IcedID is a particularly dangerous trojan that uses a range of techniques to steal financial data, so organisations must ensure they have robust security systems in place to prevent their networks from being breached and to minimise the risks. Comprehensive training of all employees is vital, so that they are equipped with the skills needed to identify the types of malicious emails that spread IcedID and other malware."

CPR also warns that "HTTP Headers Remote Code Execution (CVE-2020-13756)" is the most commonly exploited vulnerability, affecting 45% of organisations worldwide, followed by "MVPower DVR Remote Code Execution", which affects 44% of organisations worldwide. "Dasan GPON Router Authentication Bypass (CVE-2018-10561)" is in third place on the list of the most frequently exploited vulnerabilities, with a 44% impact worldwide.

The 3 Most Common Malware Threats

* The arrows indicate the change in ranking compared with the previous month.

This month, Dridex is the most prevalent malware, with a global impact on 16% of organisations, followed by IcedID and Lokibot, which affect 11% and 9% of organisations worldwide respectively.

  1. Dridex - Dridex is a Trojan that targets the Windows platform and is reportedly delivered via spam e-mail attachments. Dridex communicates with a remote server and sends information about the infected system. It can also download and execute arbitrary modules received from the remote server.

  2. IcedID - IcedID is a banking Trojan spread through spam e-mail campaigns that uses evasion techniques, such as process injection and steganography, to steal users' financial data.

  3. Lokibot - Lokibot is spyware distributed primarily through phishing emails and used to steal various data, such as e-mail credentials, as well as passwords for cryptocurrency wallets and FTP servers.

The most exploited vulnerabilities

This month, "HTTP Headers Remote Code Execution (CVE-2020-13756)" is the most commonly exploited vulnerability, affecting 45% of organisations worldwide, followed by "MVPower DVR Remote Code Execution", which affects 44% of organisations worldwide. "Dasan GPON Router Authentication Bypass (CVE-2018-10561)" is in third place with a 44% impact worldwide.

  1. HTTP Headers Remote Code Execution (CVE-2020-13756) - HTTP header fields let the client and server pass additional information with a request or response. A remote attacker can use a vulnerable HTTP header field to execute arbitrary code on the victim's machine.

  2. MVPower DVR Remote Code Execution - MVPower DVRs contain a remote code execution vulnerability. A remote attacker can exploit it to execute arbitrary code on the affected device via a crafted request.

  3. Dasan GPON Router Authentication Bypass (CVE-2018-10561) - An authentication bypass vulnerability in Dasan GPON routers. Successful exploitation allows remote attackers to obtain sensitive information and gain unauthorised access to the affected system.

The 3 Most Common Mobile Malware Threats

Hiddad ranks first as the most prevalent mobile malware, followed by xHelper and FurBall.

  1. Hiddad - Hiddad is Android malware that repackages legitimate applications and then releases them to a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the operating system.

  2. xHelper - xHelper is a malicious application that has been active since March 2019 and is used to download other malicious applications and display ads. The application is able to hide itself from the user and reinstall itself automatically if it is uninstalled.

  3. FurBall - FurBall is an Android MRAT (Mobile Remote Access Trojan) developed by APT-C-50, an Iranian APT group affiliated with the Iranian government. This malware has been used in multiple campaigns dating back to 2017 and is still active today. FurBall's features include theft of SMS messages and mobile call logs, recording of calls and surrounding audio, collection of media files, location tracking and much more.

The full list of the most common malware threats in Greece for January is as follows:

Dridex - Dridex is a banking Trojan that targets the Windows platform via spam and exploit kits and relies on WebInjects to intercept banking credentials and redirect them to an attacker-controlled server. Dridex communicates with a remote server, sends information about the infected system, and can also download and run additional modules for remote control.

AgentTesla - AgentTesla is a RAT (Remote Access Trojan) that captures passwords and other data as they are typed. Active since 2014, AgentTesla can monitor and collect the victim's keystrokes, and can also capture screenshots and harvest credentials entered into many software programs installed on the victim's machine (including Google Chrome, Mozilla Firefox and Microsoft Outlook). AgentTesla is sold openly as a legitimate RAT, with customers paying $15 to $69 for user licences.

IcedID - IcedID is a banking Trojan that first appeared in September 2017. It usually uses other well-known banking Trojans, including Emotet, Ursnif and Trickbot, to help it spread. IcedID steals users' financial data both through redirects (installing a local proxy server that redirects users to fake clone sites) and through web injection attacks (injecting into a browser process to display fake content overlaid on the original page).

LokiBot - LokiBot was first detected in February 2016 and is an information stealer with versions for both Windows and Android. It harvests credentials from various applications, web browsers, e-mail clients, IT administration tools such as PuTTY and more. LokiBot is sold on hacking forums, and its source code is believed to have leaked, which has allowed numerous variants to appear. As of late 2017, some Android versions of LokiBot include ransomware functionality in addition to their information-stealing capabilities.

Qbot AKA Qakbot - Qakbot is a banking Trojan that first appeared in 2008, designed to steal banking credentials and users' keystrokes. It is often distributed via spam email. Qbot uses several anti-VM, anti-debugging and other anti-analysis techniques to hinder analysis and evade detection.

Trickbot - Trickbot is a dominant banking trojan that targets Windows platforms and is mainly delivered via spam or by other malware families such as Emotet. Trickbot sends information about the infected system and can also download and execute arbitrary modules from a wide range of available ones, such as a VNC module for remote control or an SMB module for spreading within an affected network. Once a machine is infected, the threat actors behind Trickbot use this range of modules not only to steal banking credentials from the target computer, but also for lateral movement and reconnaissance within the organisation itself, before launching a targeted ransomware attack across the company.

FormBook - FormBook is an InfoStealer that targets the Windows operating system and was first detected in 2016. It is advertised on hacking forums as a tool with powerful evasion techniques and a relatively low price. FormBook harvests credentials from various web browsers, takes screenshots, monitors and logs keystrokes, and can download and execute files according to instructions from its C&C server.

XMRig - XMRig is open-source CPU mining software used to mine the Monero cryptocurrency; it was first released in May 2017.

Joker - Joker is Android spyware distributed through Google Play, designed to steal SMS messages, contact lists and device information. In addition, the malware silently signs the victim up for premium advertising services.

Vidar - Vidar is an infostealer that targets Windows operating systems. First detected in late 2018, it is designed to steal passwords, credit card data and other sensitive information from various web browsers and digital wallets. Vidar has been sold on various online forums and has been used as a malware dropper that downloads GandCrab ransomware as its secondary payload.


Check Point's Global Threat Impact Index and ThreatCloud Map are powered by Check Point's ThreatCloud intelligence, the largest collaborative network for fighting cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database inspects over 3 billion websites and 600 million files daily and identifies more than 250 million malware activities every day.

The full list of the most common malware threats worldwide for February is available on the Check Point Blog.

Written by newsbot