Specialists from Check Point Research recently published a report on what exactly is going on in the malware world right now. In their latest Global Threat Index, for March 2022, the researchers list the malware that continues to make headlines for infections worldwide. The report covers the top malware families, the most attacked industries globally, the most exploited vulnerabilities and the top mobile malware.
Top Malware Families In 2022
Last month Emotet was the top malware, with a global impact of 10% of organizations. It was followed by Agent Tesla and XMRig, which each infected 2% of organizations:
Originally designed as a banking trojan with the aim of stealing financial data, Emotet has evolved into a major threat for users worldwide. Security researchers first detected the malware in 2014. In later versions its developers added spamming and malware delivery services, including the delivery of other banking trojans. The Department of Homeland Security estimated that the cost of cleaning up after an infection with this malware went up to $1M per incident.
Agent Tesla RAT
Agent Tesla is a “Malware-as-a-Service” RAT (Remote Access Trojan). It also first appeared in 2014. It is mainly delivered via phishing emails and is capable of credential stealing, form grabbing, screen capture and keylogging. An even greater danger lies in its ability to exfiltrate credentials from software such as Microsoft Outlook, Mozilla Firefox and Google Chrome. Cybersecurity specialists note that the malware uses a variety of stealthy techniques to evade detection and to make analysis difficult.
The XMRig CPU Miner is a Trojan horse that many users unknowingly install on their computers. It takes control of the user’s machine to mine cryptocurrencies. Most often, crooks opt for DarkNetCoin, Dashcoin, Monero, and Bitcoin. Because it is disguised to look like an update for Adobe Flash Player, an often-targeted program, users are easily tricked into installing it, thinking they are getting a legitimate update.
Top Mobile Malware in 2022
Did you know that your smartphone is much more powerful than the computers that took the first human to the Moon? An incredible fact. If you are wondering what the most dangerous mobile malware in the world is, you may first want to take a look at the mobile malware that made headlines in the past couple of months this year:
A Malware-as-a-Service (MaaS) for Android devices that allows for the injection of malicious code into legitimate financial applications. After doing this, an attacker obtains access to the victim’s account and can take complete control of the targeted device. Once in control, the threat actor can do anything they could do if they were physically holding the device.
This malware was first seen in March 2019. Cybersecurity specialists note significant difficulties in detecting and removing it. It is a Trojan dropper that delivers malware to mobile devices. In 2019, over a six-month period, it infected over 45,000 devices. The malware is known for being persistent and hard to remove: even if the user performs a factory reset of the infected device, it will still show up.
This malware works both as spyware and as a banker. Once it gets onto your Android device, the malware will steal your debit and credit card information, and also your crypto stock if you have any. That inflicts significant financial losses, especially if you do not distribute your savings. But that’s not all this kind of malware can and will do. It also copies your contact list and then automatically sends malicious links to all the unsuspecting recipients.
What Are The Most Common Malware Types
It’s quite hard to name all the malware types under the sun. Some of them exist, some are extinct, and some evolved and assimilated with another type. Certain malware types appear exclusively as complementary (or a precursor) to other types. To clear things up, let’s have a look at the most widespread malware.
Ransomware is an ever-growing threat for many enterprises and companies around the world. It encrypts the targeted victim’s files and data and then demands a ransom for releasing them back to their owners. Some more sophisticated variants deploy the double extortion technique, in which the criminals also threaten to publish the stolen data unless the payment is made. The most famous ransomware variants that have repeatedly made headlines by hitting the big fish of business are WannaCry, Ryuk, Petya, NotPetya, Maze, Locky and GoldenEye.
Spyware secretly collects information on the targeted device and sends it back to its operators. The crooks that operate this malware then sell the information to advertisers or other threat actors. In some cases, operators use spyware as stalkerware, since it can track a person’s location. Spyware accesses personal data such as videos and photos, records phone conversations, and reads emails and text messages. It can be difficult to detect, but some common signs, such as reduced battery life, may hint at the presence of this type of malware.
Adware is the type of malware that, once it gets onto your device, constantly displays unwanted and irritating advertisements. By performing this rather innocent malicious action it generates revenue for its creators. The malware can be found both on computers and on mobile phones. But sometimes an adware infection also brings a much more serious type of malware, as some forms of adware are highly flexible from a developer’s point of view. Adware usually gets installed along with freeware or shareware.
A browser hijacker is malicious software that changes the browser’s settings, appearance and behavior without the user’s consent. A hijacked browser also generates advertising revenue and sometimes performs even more dangerous actions, such as keystroke logging or data collection. Browser hijackers often install other types of malware, such as spyware or adware. This malware may get onto your device when you install browser plugins, extensions and add-ons.
Coin Miner Malware
Coin miners, or cryptocurrency miners as they are also called, are programs that generate Ethereum, Monero, Bitcoin and other kinds of cryptocurrencies that are on the rise. Malware developers exploit legitimate miner programs to take advantage of someone else’s resources, such as network bandwidth, power, GPU, RAM and CPU. The main signs that a computer is infected with a coin miner include slow response times, frequent restarts or crashes, overheating, and unusually high GPU and CPU usage.
How To Prevent Malware Attacks?
With all this being said, it won’t be a waste of time to get one more reminder of how to keep this and every other malware out of your way and have everything in place when the danger comes:
- Implement email spam protection. A significant share of malware injection happens because of spam emails. Security measures will never be excessive there. Set up scanning of every email attachment you receive to see if there’s something malicious in the incoming message. Also enable the spam filter to reduce the number of unwanted emails;
- Limit your applications’ privileges. Go through the privileges you have granted to the apps on your phone. See if there is something suspicious or unnecessary among the permissions your apps have. Check all of them, but pay the most attention to no-name apps. They often ask for things they don’t really need for regular functionality, and someone can misuse these permissions;
- Update all your software regularly. That’s one of the first cybersecurity rules that you should follow. Update your software as soon as updates become available. Don’t let cybercriminals exploit vulnerabilities in any of the apps you have installed and take advantage of that.
- Enable secure authentication methods. One of the best practices is to keep your accounts safe. Use strong passwords of at least eight characters, with uppercase and lowercase letters, symbols and numbers in each password. Also, enable multi-factor authentication like PIN or security questions in addition to a password. Instead of saving passwords on a computer, use a secure password manager.
- Install good antivirus software. This software should be the main line of defense on your mobile phone and computer. Make sure to update it regularly. Once it detects a threat, remove the threat as soon as possible. Scan your files for suspicious alterations. If you are thinking about using new antivirus software, you can try Loaris Trojan Remover.