Top 10 Malware Affecting Australians


Check Point Research (CPR) has published its latest Global Threat Index for August 2021 and identified the top 10 malware families affecting Australians in August.

Concerningly, FluBot has re-entered the list, impacting 1.48% of Australian cyber incident cases. The Android malware is widely available and is distributed via phishing SMS messages (smishing), most often impersonating logistics delivery brands or voicemail notifications.

FormBook has jumped from third position to the top spot within the last month, impacting 2.96% of Australian cyber incident cases. Known for its strong evasion techniques and relatively low price, FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files on command from its C&C server.

Top 10 Malware in Australia for August (the percentage is the share of Australian cyber incident cases impacted by each malware; the arrow shows the change in rank since the previous month):

  1. FormBook, ↑ 2.96%
    First detected in 2016, FormBook is an infostealer that targets the Windows OS. It is marketed as Malware-as-a-Service (MaaS) on underground hacking forums for its strong evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files on command from its C&C server.
  2. Trickbot, ↓ 2.34%
    Trickbot is a modular botnet and banking Trojan that targets the Windows platform, mostly delivered via spam campaigns or by other malware families such as Emotet. Trickbot sends information about the infected system to its operators and can download and execute arbitrary modules from a large array of available modules, from a VNC module for remote control to an SMB module for spreading within a compromised network. Once a machine is infected, the Trickbot gang, the threat actors behind this malware, use this wide array of modules not only to steal banking credentials from the target PC, but also for lateral movement and reconnaissance within the targeted organisation itself, prior to delivering a company-wide targeted ransomware attack.
  3. Mespinoza, ↓ 2.22%
    Mespinoza (aka PYSA) is a ransomware Trojan first discovered in 2019. Mespinoza encrypts files using asymmetric encryption and then extorts the victim for payment.
  4. FluBot, ↑ 1.48%
    FluBot is an Android malware distributed via phishing SMS messages, most often impersonating logistics delivery brands. Once the user taps the link inside the message, FluBot is installed and gains access to the sensitive information on the phone.
  5. Remcos, ↑ 1.36%
    Remcos is a RAT that first appeared in the wild in 2016. Remcos is distributed through malicious Microsoft Office documents attached to spam emails, and is designed to bypass Microsoft Windows UAC (User Account Control) and execute malware with high-level privileges.
  6. AgentTesla, ↑ 1.36%
    AgentTesla is an advanced RAT (remote access Trojan) that functions as a keylogger and password stealer. Active since 2014, AgentTesla can monitor and collect the victim's keyboard input and system clipboard, record screenshots, and exfiltrate credentials entered into a variety of software installed on the victim's machine (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client). AgentTesla is openly sold as a legitimate RAT, with customers paying $15 – $69 for user licences.
  7. Ursnif, ↓ 0.99%
    Ursnif is a Trojan that targets the Windows platform. It is usually spread through exploit kits, including, in their day, Angler and RIG. Ursnif steals information related to the Verifone Point-of-Sale (POS) payment software. It contacts a remote server to upload collected information and receive instructions, and it can also download and execute files on the infected system.
  8. Floxif, ↑ 0.99%
    Floxif is an infostealer and backdoor designed for the Windows OS. It was used in 2017 as part of a large-scale supply-chain campaign in which attackers inserted Floxif (and Nyetya) into the free version of CCleaner (a cleanup utility), infecting more than 2 million users, among them large tech companies such as Google, Microsoft, Cisco and Intel.
  9. Zloader, ↑ 0.99%
    Zloader is a descendant of the ubiquitous Zeus banking malware. It uses web injects to steal credentials, passwords and cookies stored in web browsers, along with other sensitive information, from customers of banks and financial institutions. The malware lets attackers connect to the infected system through a Virtual Network Computing (VNC) client, so they can make fraudulent transactions from the user's own device.
  10. Glupteba, ↑ 0.86%
    Known since 2011, Glupteba is a backdoor that gradually matured into a botnet. By 2019 it included a C&C address update mechanism based on the public Bitcoin blockchain, an integral browser stealer capability and a router exploiter.