Check Point researchers have published their regular Global Threat Impact Index report for March 2021. This month the banking Trojan IcedID (aka Bokbot) entered the ranking of the most active malware for the first time and immediately took second place. First place in March went to the Dridex Trojan, which in February had been only seventh in the ranking.
In the past month, IcedID, which first appeared in 2017, was actively distributed through several spam campaigns, affecting about 11% of organizations worldwide. One of the largest campaigns used the COVID-19 theme to draw victims’ attention to the attackers’ lures. Most of the malicious attachments in this campaign were Microsoft Word documents containing malicious macros.
Once installed, the Trojan attempts to steal account credentials, payment details, and other sensitive information from victims’ devices. IcedID can also be delivered by other malware and used in the initial stage of an attack during ransomware operations.
“IcedID has been around for several years. In recent years, it has become heavily exploited, showing that cybercriminals continue to adapt their methods for increasingly successful attacks. And they still use the COVID-19 theme,” comments Vasily Diaghilev, head of Check Point Software Technologies in Russia and the CIS. “IcedID is a very dangerous Trojan. It uses several methods to successfully steal data. We recommend that organizations ensure that their security systems are robust to prevent compromised networks and minimize risks. It is very important to educate employees in cyber literacy so that they can recognize dangerous emails that spread IcedID and other malware.”
According to Check Point, the list of the most active malware in the world is as follows:
- Dridex is a banking Trojan that infects the Windows operating system. Dridex spreads via spam mailings and exploit kits and uses web injections to intercept users’ personal data and bank card details. In March, it attacked 16% of organizations around the world.
- IcedID is a banking Trojan that spreads through malicious spam campaigns. To steal financial data, it injects into browser processes to display fake content in place of the original pages. It uses obfuscation and encryption of its native code to make detection and analysis more difficult. It attacked 11% of companies.
- Lokibot is an info-stealer that spreads mainly through phishing emails. It is used to steal various data: email credentials and passwords for cryptocurrency wallets and FTP servers. It attacked 9% of companies.
The list of the most active malware in Russia differs from the global one:
- Fareit is a Trojan discovered in 2012. Its variants steal user passwords, FTP account data, phone numbers and other information stored by the victims’ browsers. It is capable of installing other malware on infected devices and was used to spread the P2P GameOver Zeus Trojan. The Fareit source code (version 1.9) has been published online, so any attacker can now modify it and use it in malicious campaigns.
- XMRig is open-source software, first discovered in May 2017, used to mine the Monero cryptocurrency.
- Trickbot is one of the dominant banking Trojans in the world and is constantly being extended with new capabilities, functions and distribution vectors. It is flexible, customizable malware that can be distributed through multi-purpose campaigns.
Information security analysts attribute the rise of IcedID to the takedown of the Emotet botnet in January 2021. After Emotet’s disruption, criminals switched to Dridex, Trickbot and Qakbot, and now IcedID is also gaining popularity. For instance, in the opinion of researchers from Binary Defense, “several hack groups are using IcedID as a dropper at once.” Also this week, Microsoft experts warned about malware activity.