Check Point Research (CPR) has published its latest Global Threat Index for September 2021 and identified the top 10 malware affecting Australians in September.
The banking trojan Trickbot returned to the top position in September, having fallen to second place in August after a three-month reign at the top. It was also reported that one of the Trickbot gang's members was arrested as a result of a US investigation, in addition to other charges that have been filed in connection with the Trojan.
Top 10 Malware impacting Australians for September:
1. Trickbot, ↑ 3.26% (percentage of Australian cyber incident cases impacted by this specific malware)
Trickbot is a modular botnet and banking Trojan that targets the Windows platform and is mostly delivered via spam campaigns or by other malware families such as Emotet. Trickbot sends information about the infected system to its operators and can download and execute arbitrary modules from a large array of available ones, ranging from a VNC module for remote control to an SMB module for spreading within a compromised network. Once a machine is infected, the Trickbot gang (the threat actors behind this malware) use this wide array of modules not only to steal banking credentials from the target PC, but also for lateral movement and reconnaissance across the targeted organisation itself, prior to delivering a company-wide targeted ransomware attack.
2. Formbook, ↓ 2.41% (percentage of Australian cyber incident cases impacted by this specific malware)
First detected in 2016, FormBook is an InfoStealer that targets the Windows OS. It is marketed as Malware-as-a-Service (MaaS) in underground hacking forums for its strong evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to commands from its C&C server.
3. Cosmu, ↑ 1.57% (percentage of Australian cyber incident cases impacted by this specific malware)
Cosmu is a PC Trojan that exposes a computer to having additional malware downloaded without the user's knowledge. The malware attempts to communicate with a remote server from which it can download further malware files and infect the system more deeply.
4. Tofsee, ↑ 1.33% (percentage of Australian cyber incident cases impacted by this specific malware)
Tofsee is a backdoor Trojan, operating since at least 2013. Tofsee serves as a multipurpose tool that can conduct DDoS attacks, send spam emails, mine cryptocurrencies, and more.
5. Ursnif, ↑ 1.33% (percentage of Australian cyber incident cases impacted by this specific malware)
Ursnif is a Trojan that targets the Windows platform. It is usually spread through Exploit Kits, including Angler and Rig in their day. Ursnif steals information related to the Verifone Point-of-Sale (POS) payment software. It contacts a remote server to upload the collected information and receive instructions, and it also downloads and executes files on the infected system.
6. Dridex, ↑ 1.21% (percentage of Australian cyber incident cases impacted by this specific malware)
Dridex is a banking Trojan that targets the Windows platform and has been observed being delivered by spam campaigns and Exploit Kits. It relies on WebInjects to intercept and redirect banking credentials to an attacker-controlled server. Dridex contacts a remote server, sends information about the infected system, and can also download and execute additional modules for remote control.
7. Remcos, ↑ 1.09% (percentage of Australian cyber incident cases impacted by this specific malware)
Remcos is a RAT that first appeared in the wild in 2016. Remcos is distributed through malicious Microsoft Office documents attached to spam emails, and is designed to bypass Microsoft Windows UAC security and execute malware with high-level privileges.
8. Flubot, ↓ 1.09% (percentage of Australian cyber incident cases impacted by this specific malware)
FluBot is an Android malware distributed via phishing SMS messages, most often impersonating logistics delivery brands. Once the user clicks the link inside the message, FluBot is installed and gets access to all sensitive information on the phone.
9. Glupteba, ↑ 0.84% (percentage of Australian cyber incident cases impacted by this specific malware)
Known since 2011, Glupteba is a backdoor that gradually matured into a botnet. By 2019 it included a C&C address update mechanism based on public Bitcoin lists, an integral browser-stealer capability and a router exploiter.
10. Yakes, ↑ 0.84% (percentage of Australian cyber incident cases impacted by this specific malware)
Yakes is a Trickler that targets the Windows platform. This malware creates a new svchost process and injects malicious code into it. The injected code is responsible for contacting a remote server, from which it expects to receive base64-encoded data. This data decodes to a URL used to download further malware onto the infected system.