Hackers are now using multiple types of malware, software specifically designed to cause disruption or provide illegal access, to target victims. Last month, users and organisations were hit by several types of malware, and a new report details the most used malware, how it was used, its impact on users and how to protect against it.
Researchers at Check Point Software Technologies found a new AsyncRAT campaign in which malicious HTML files were used to spread the covert malware. According to the report, the Global Threat Index for November 2023, India remained in 21st place in the per-country Threat Index.
AsyncRAT is a Remote Access Trojan (RAT) known for its ability to remotely monitor and control computer systems without detection. The malware, which came in sixth place on last month’s top ten list, utilises various file formats to carry out process injection.
Formbook was the most prevalent malware last month with an impact of 3% of organisations worldwide, followed by FakeUpdates with a global impact of 2%, and Remcos with a global impact of 1%.
How people were targeted
In last month’s campaign, recipients received an email containing an embedded link. Clicking the link triggered the download of a malicious HTML file, which then set off a sequence of events that let the malware camouflage itself as a trusted application to avoid detection.
Here are the top malware families:
Formbook: Formbook is an Infostealer targeting the Windows OS and was first detected in 2016. It is marketed as Malware as a Service (MaaS) in underground hacking forums for its strong evasion techniques and relatively low price. This malware harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files.
FakeUpdates: FakeUpdates is a downloader that led to further compromise via many additional malware families, including GootLoader, Dridex, NetSupport, DoppelPaymer, and AZORult.
Remcos: Remcos is a RAT that first appeared in the wild in 2016 and distributes itself through malicious Microsoft Office documents, which are attached to spam emails. It is designed to bypass Microsoft Windows security.
Top mobile malware
Anubis: Anubis is a banking Trojan malware designed for Android mobile phones and can undertake actions like keylogging and audio recording. It has been detected on hundreds of different applications available in the Google Store.
AhMyth: AhMyth is distributed through Android apps that can be found on app stores and various websites. When a user instals one of these infected apps, the malware can collect sensitive information from the device.
SpinOk: SpinOk is an Android software module that operates as spyware. It collects information about files stored on devices and can transfer them to malicious threat actors. The malicious module was found in more than 100 Android apps and had been downloaded more than 421,000,000 times by May 2023.
When it comes to top attacked industries globally, Education/Research remained in first place, followed by Communications and Government/Military.