June 2022: MaliBot, a New Banking Malware, Poses a Danger to Mobile Banking Users

According to the latest Global Threat Index, MaliBot is third on the list of the most dangerous mobile malware. It emerged after the takedown of FluBot at the end of May.

MaliBot poses as a cryptocurrency mining app under various names and targets mobile banking users in order to steal financial information. It is similar in nature to FluBot: it uses phishing SMS messages (smishing) to lure victims into clicking malicious links that redirect them to a fake app.

Emotet is still the most prevalent malware this month. Snake Keylogger, which was in eighth place last month, now occupies third place after a significant increase in activity. Snake Keylogger is primarily used to record keystrokes and send the captured data to threat actors. In May it was delivered mainly in PDF format; it has since been sent by email as Word attachments labelled as requests for quotation. Researchers also discovered a new version of Emotet that targets Chrome browser users and enables credit card theft.

While it is always encouraging to see law enforcement succeed in taking down cybercrime groups and malware such as FluBot, it did not take long for another mobile malware to take its place. Cybercriminals are well aware of how important mobile devices are in people's lives and adapt their strategies accordingly. Mobile malware is a grave threat to personal and enterprise security, so a robust mobile threat prevention system is vital.

This month, we also disclosed that Apache Log4j remote code execution is the most commonly exploited vulnerability, affecting 43% of organizations worldwide. Web Server Exposed Git Repository information disclosure is second with a 42.3% global impact, and Web Servers Malicious URL Directory Traversal is third with a 42.1% global impact.

Top Malware Families

*The arrows show the rank change relative to the previous month.

Emotet is still the most prevalent malware, with a 14% worldwide impact, followed by Formbook and Snake Keylogger, each with a 4.4% impact on organisations around the globe.

1.   Emotet – Emotet is an advanced, modular, self-propagating Trojan. It was initially used as a banking Trojan but is now used to distribute other malware and malicious campaigns. Emotet employs multiple methods to maintain persistence and evade detection, and it spreads through phishing spam emails containing malicious attachments or links.

2.   Formbook – Formbook is an infostealer targeting the Windows OS, first discovered in 2016. It is marketed as Malware-as-a-Service (MaaS) in underground hacking forums for its strong evasion techniques and relatively low price. Formbook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its C&C.

3.   Snake Keylogger – Snake Keylogger is a modular .NET keylogger and credential stealer first spotted in late November 2020. It records keystrokes and sends the collected data to threat actors. It poses a major threat to users' security because it can steal sensitive information and is persistent and evasive.

4.   Agent Tesla – Agent Tesla is an advanced RAT that functions as a keylogger and information stealer. It can monitor and collect the victim's keyboard input and system clipboard, take screenshots, and exfiltrate credentials from a variety of software installed on the victim's machine (including Microsoft Outlook, Google Chrome and Mozilla Firefox).

5.   XMRig – XMRig is open-source CPU mining software used to mine the Monero cryptocurrency. Threat actors often abuse this open-source software by integrating it into their malware to mine illegally on victims' computers.

6.   Remcos – Remcos is a RAT that first appeared in the wild in 2016. It spreads through malicious Microsoft Office documents attached to spam emails and is designed to bypass Microsoft Windows UAC security and execute malware with high-level privileges.

7.   Phorpiex – Phorpiex (aka Trik) is a botnet that has been active since 2010. At its peak it controlled more than a million infected hosts. It is known for distributing other malware families via spam campaigns and for fuelling large-scale spam and sextortion operations.

8.   Ramnit – Ramnit is a modular banking Trojan first discovered in 2010. It steals web session information, giving its operators the ability to steal account credentials for all services used by the victim, including bank, corporate and social network accounts. The Trojan communicates with its C&C server and downloads additional modules, using both hardcoded domains and domains generated by a Domain Generation Algorithm (DGA).

9.   Glupteba – Glupteba is a backdoor that gradually matured into a botnet. By 2019 it included a C&C address update mechanism through public Bitcoin lists, an integral browser-stealing capability and a router exploiter.

10.  NJRat – NJRat is a remote-access Trojan used by both state-sponsored and criminal actors. It can capture keystrokes, access the victim's camera, steal credentials stored in browsers, upload and download files, perform process and file manipulation, and view the victim's desktop. NJRat spreads through phishing attacks and drive-by downloads, and propagates through infected USB keys or networked drives with the support of its Command & Control server software.
