Check Point Research experts have prepared a report on the most active threats of April 2021. The researchers report that the AgentTesla Trojan took second place in the ranking for the first time, while Dridex remains in first place.
Dridex is often used at the initial stage of infection in ransomware operations, which are becoming more and more numerous. For example, in March, researchers warned that in early 2021 the number of ransomware attacks increased by 57%. Alas, this trend continues: overall, the increase has already reached 107% compared to the same period last year. Experts estimate that in 2020 the damage from ransomware around the world amounted to about $20 billion, which is almost 75% higher than in 2019.
For the first time, AgentTesla has taken second place in the company's ranking. It is an advanced RAT (Remote Access Trojan) that has been infecting computers since 2014, acting as a keylogger and password stealer. The malware is capable of monitoring and collecting data entered from the victim’s keyboard, taking screenshots and extracting credentials related to various programs installed on the infected machine (including Google Chrome, Mozilla Firefox, and Microsoft Outlook).
“We’re seeing a huge increase in ransomware attacks around the world, so it’s no surprise that the most popular malware in April is associated with this trend. On average, every 10 seconds, one organization in the world becomes a victim of ransomware,” says Vasily Diaghilev, head of Check Point Software Technologies in Russia and the CIS. “Hackers often use the names of well-known organizations for their attacks. This time they imitated the QuickBooks brand – an accounting software package widespread in the United States – but it is also found in Russia. The malicious emails contained fake payment notifications and invoices. Organizations need to be aware of these risks and provide not only suitable security solutions, but also employee training. The human factor is still the most vulnerable link, so it is very important that employees can recognize phishing emails. It is through them that ransomware infections often occur.”
The ranking of the most active malware in April 2021 in Russia is as follows:
- Trickbot is one of the dominant banking Trojans, which is constantly being supplemented with new capabilities, functions and distribution vectors. Trickbot is flexible and customizable malware that can be distributed through multipurpose campaigns. Attacked 14% of organizations.
- Fareit is a Trojan discovered in 2012. Its varieties steal user passwords, FTP accounts, phone numbers and other data stored by browsers. Capable of installing other malware on infected devices. Attacked 11% of organizations.
- XMRig is open source software, first discovered in May 2017. Used to mine Monero cryptocurrency. Found in 7% of organizations.
In the world as a whole, the situation looks a little different:
- Dridex is a banking Trojan that infects Windows systems. It is spread using spam mailings and sets of exploits that use injections to steal personal data, as well as bank card data. Attacked 15% of organizations.
- AgentTesla is an improved RAT that has been attacking computers since 2014, acting as a keylogger and password stealer. Capable of monitoring and collecting the victim’s keyboard input, taking screenshots and extracting credentials related to various programs installed on the victim’s computer (including Google Chrome, Mozilla Firefox, and Microsoft Outlook). Attacked 12% of organizations.
- Trickbot is one of the dominant banking Trojans, which is constantly being supplemented with new capabilities, functions and distribution vectors. Trickbot is flexible and customizable malware that can be distributed through multipurpose campaigns. Attacked 8% of organizations.