Malware trend August 2022: Emotet no more #1

CheckPoint has released its Global Threat Index for August 2022, a top list of malware infections. Surprisingly for me, the previously frequently mentioned Emotet ransomware has been displaced from the top spot it held in previous months. Now, a malware called FormBook is in the No. 1 spot, followed by AgentTesla, the latter being no stranger either. Here is some information on the threat landscape provided to me by CheckPoint.

FormBook most prevalent malware

According to the CheckPoint Global Threat Index for August 2022, FormBook is now the most prevalent malware, replacing Emotet. The Emotet malware had held this position since its resurgence in January 2022.

FormBook is an infostealer that targets Windows operating systems. Once installed, the malware can intercept credentials, collect screenshots, monitor and log keystrokes, and download and execute files according to commands received from its command-and-control (C&C) server. Since its first discovery in 2016, the infostealer has made a name for itself and is marketed as malware-as-a-service (MaaS) on underground hacker forums. The malware is known for its strong evasion techniques and relatively low price.

GuLoader and Joker trending

In August 2022, GuLoader activity increased rapidly, according to CheckPoint. This resulted in it being the fourth most distributed malware. GuLoader was originally used to download Parallax RAT. However, the malware has since been used for other remote access Trojans and infostealers such as Netwire, FormBook and Agent Tesla. It is usually spread via extensive email phishing campaigns that trick the victim into downloading and opening a malicious file so that the malware can begin its work.

In addition, Check Point Research reports that the Android spyware Joker is back in business, ranking third on this month's list of the biggest mobile malware. Once installed, Joker can steal SMS messages, contact lists and device information, and sign the victim up for paid premium services without their consent. The rise of the malware can be partly explained by an increase in campaigns, as it was recently detected in some applications in the Google Play Store.

The other trends

The above changes show how much the threat landscape can change within a few weeks. Threat actors are constantly evolving their capabilities and tools. Individuals and businesses have no choice but to stay up to date on the latest threats and how to protect themselves.

It should also be noted that the education/research sector remains the most targeted industry for cybercriminals worldwide. The second and third most frequently attacked sectors are government/military and healthcare. "Apache Log4j Remote Code Execution" is again the most exploited vulnerability, affecting 44 percent of organizations worldwide, overtaking the "Web Server Exposed Git Repository Information Disclosure" vulnerability, which affected 42 percent of organizations, CheckPoint said.

Check Point's Global Threat Impact Index and ThreatCloud Map are based on Check Point's ThreatCloud Intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide across networks, endpoints and cell phones. This intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the Intelligence & Research arm of Check Point Software Technologies. For the full list of the top ten malware families worldwide in August, visit the Check Point blog.
