Formbook Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/formbook/
Fri, 06 Oct 2023 22:47:42 +0000

Qbot Trojan Entered The Top Of The Most Widespread Malware
https://gridinsoft.com/blogs/in-august-the-updated-qbot-trojan-first-entered-the-top-of-the-most-widespread-malware/
Tue, 15 Sep 2020 16:50:40 +0000
Check Point has released its monthly Global Threat Index for August 2020. According to the researchers, the updated Qbot Trojan (aka QuakBot, Qakbot and Pinkslipbot) entered the top ten of the world's most widespread malware for the first time, taking tenth place.

Qbot was first seen in 2008; over the years it has evolved from an ordinary info-stealer into a real "Swiss army knife" for attackers.

Today Qbot can, for example, deliver other malware to an infected system, and it can even be used to connect remotely to the victim's machine and carry out banking transactions from the victim's own IP address, so that the fraud appears to originate from a trusted endpoint.

"As a rule, Qbot spreads in a classic way: through phishing emails that contain dangerous attachments or lure users to malicious sites controlled by hackers," say the researchers.

Check Point experts note that the updated version of Qbot can steal email threads from its victims and then reply into them with spam, producing far more believable lures than a cold phishing message.

Between March and August 2020, Check Point researchers observed several campaigns using the updated Qbot, including one in which Qbot was delivered by Emotet. According to the researchers, in July 2020 this campaign affected 5% of organizations worldwide.

"Attackers are always looking for ways to improve malware. Now they are investing heavily in developing Qbot – it can be used to steal data massively from organizations and ordinary users. We have already seen active malicious spam campaigns that Qbot has been distributing. We also noted that sometimes Qbot is spread using another Trojan, Emotet," says Vasily Diaghilev, head of Check Point Software Technologies.

Overall, in August 2020, the top most active malware looked like this:

  • Emotet is an advanced, self-propagating modular Trojan. Once an ordinary banking Trojan, it has recently been used to distribute other malware and malicious campaigns. Its newer functionality sends phishing emails containing malicious attachments or links.
  • Agent Tesla is an advanced Remote Access Trojan (RAT). It has been infecting computers since 2014, acting as a keylogger and password stealer.
  • FormBook is an info-stealer first discovered in 2016. It is marketed as malware-as-a-service (MaaS) on underground hacking forums because of its advanced evasion techniques and relatively low cost. FormBook harvests credentials from various browsers, takes screenshots, monitors and logs keystrokes, and can download and execute files on command from its C2 server.

Let me remind you that Emotet topped the ranking of the most common threats in 2019 and, it seems, is not going to give up its position.

Companies must consider introducing security solutions to prevent such content from reaching users. It is important to remind employees to be very careful when opening emails, even if they appear to come from a trusted source at a glance.

The post Qbot Trojan Entered The Top Of The Most Widespread Malware appeared first on Gridinsoft Blog.

Check Point named the most dangerous malware of November 2019
https://gridinsoft.com/blogs/check-point-named-the-most-dangerous-malware-of-november-2019/
Thu, 19 Dec 2019 16:01:24 +0000
Check Point Research Team, Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a global cybersecurity solutions provider, published the Global Threat Index report, listing the most dangerous malware of November 2019.

Experts said that, for the first time in three years, a mobile Trojan entered the general (all-platform) malware list, and it was also the most widespread mobile threat of the month.

xHelper, a multi-purpose Trojan targeting Android users, has been active since March 2019. It can download other malicious applications and display malicious ads.

"The application is able to hide itself from the user and mobile anti-virus programs and reinstall itself if the user uninstalls it. Over the past six months, the malware code has been constantly updated, which helped it bypass mobile anti-virus solutions and continue to infect new devices," say the researchers.

As a result, it took 8th place in the top 10 malware list.

xHelper is versatile, multi-purpose malware that can be adapted to the operators' needs, for example to deliver ransomware, run spam campaigns or serve malicious ads.

Researchers also note the activity of the Formbook info-stealer, which affected almost 12% of organizations. The main danger of Formbook and similar programs is that they can go unnoticed for a long time while collecting as much information as possible from the victim's device. Info-stealers can take bank account details, credit card numbers, phone numbers and more.

"Now criminals are trying to use several different tactics to monetize their operations, instead of following a single trend, such as crypto mining, which dominated in 2018. Therefore, it is important that organizations implement the latest generation of anti-virus solutions not only in their networks, but also on employees' mobile devices, in order to protect all enterprise endpoints. It is necessary to regularly remind employees of the dangers of opening attachments from emails or clicking on links that come from unknown sources," say representatives of Check Point Software Technologies.

The most active malware in November 2019 in the world was:

Emotet maintained its position in the top of the list of malware, affecting 9% of organizations in the world. XMRig (7%) and Trickbot (6%) are in the second and third place respectively.

  1. Emotet is an advanced, self-propagating modular Trojan. Once an ordinary banking Trojan, it has recently been used to distribute other malware and malicious campaigns. Its newer functionality sends phishing emails containing malicious attachments or links.
  2. XMRig is open-source CPU mining software first seen in May 2017, used to mine the Monero cryptocurrency.
  3. Trickbot is one of the dominant banking Trojans and is constantly updated with new capabilities, features and distribution vectors. It is flexible and customizable malware that can be spread through multi-purpose campaigns.

The most active mobile threats in November 2019:

xHelper, new to the list, became the most common mobile malware, followed by Guerilla and Lotoor.

  1. xHelper is a malicious Android application, active since March 2019, used to download other malicious applications and display ads. It can hide itself from the user and mobile anti-virus programs and reinstall itself if the user uninstalls it.
  2. Guerilla is an Android ad clicker that communicates with a remote command-and-control server, downloads additional malicious plugins and aggressively clicks on ads without the user's consent.
  3. Lotoor is a hack tool that exploits vulnerabilities in the Android operating system to gain root privileges on compromised mobile devices.

The most common vulnerabilities in November 2019:

  1. SQL injection (several techniques) – inserting SQL code into client-supplied input to a web application, exploiting a flaw in how the application builds its database queries from that input.
  2. OpenSSL TLS/DTLS Heartbleed information disclosure (CVE-2014-0160; CVE-2014-0346) – a vulnerability in OpenSSL that can reveal the contents of memory on a server or a connected client. It stems from a missing bounds check when processing TLS/DTLS Heartbeat extension packets: the declared payload length is trusted instead of being compared with the length actually received.
  3. MVPower DVR remote code execution – MVPower DVR devices have a remote code execution vulnerability. An attacker can use it to execute arbitrary code on the affected device with a specially crafted request.

A complete list of the top 10 malware families for November can be found on the Check Point blog.
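Item 2 in the vulnerability list above says Heartbleed comes from an error in Heartbeat packet processing. The following is an added example, not code from the Gridinsoft or Check Point pages and not OpenSSL's own source: it models the Heartbeat message layout from RFC 6520 and the missing bounds check in Python, using a constructed byte buffer as a stand-in for the process memory that follows the received record. The `SESSIONID=` bytes, the function names and the 16-byte padding size used here are assumptions for the illustration; no real TLS stack is involved.

```python
"""Added example: the Heartbleed logic error modelled in Python.

A TLS/DTLS Heartbeat message (RFC 6520) is: type (1 byte), payload_length
(2 bytes, big-endian), payload, then at least 16 bytes of padding.
Vulnerable OpenSSL echoed payload_length bytes back without checking that
the record actually carried that many, so the response included whatever
followed the record in memory. Here a bytes object stands in for that
memory: the part past record_len is "adjacent memory" the peer never sent.
"""
import struct

PADDING = b"\x00" * 16  # minimum padding required by RFC 6520

# Constructed stand-in for data that happens to sit after the record in memory.
SECRET_AFTER_RECORD = b"SESSIONID=7f3a9c1e; user=alice; token=deadbeefcafe"


def build_heartbeat(payload: bytes, declared_len: int) -> bytes:
    """Build a heartbeat request. declared_len may lie about len(payload)."""
    return b"\x01" + struct.pack("!H", declared_len) + payload + PADDING


def parse_heartbeat_vulnerable(memory: bytes, record_len: int) -> bytes:
    """Pre-1.0.1g behaviour: trust payload_length and ignore record_len.

    Copies payload_len bytes starting at the payload offset, running past
    the end of the record (record_len) into whatever follows it in memory.
    """
    payload_len = struct.unpack("!H", memory[1:3])[0]
    return memory[3:3 + payload_len]


def parse_heartbeat_fixed(memory: bytes, record_len: int):
    """The 1.0.1g fix: bounds-check the declared length against the record.

    Returns the echoed payload, or None when the message is silently
    discarded, which is what the patched code does.
    """
    if record_len < 1 + 2 + 16:            # too short for header plus padding
        return None
    payload_len = struct.unpack("!H", memory[1:3])[0]
    if 1 + 2 + payload_len + 16 > record_len:
        return None                         # declared length exceeds the record
    return memory[3:3 + payload_len]


def demo() -> dict:
    """Honest and malicious requests through both parsers."""
    honest = build_heartbeat(b"ping", declared_len=4)
    malicious = build_heartbeat(b"ping", declared_len=40)   # sends 4, claims 40
    return {
        "honest_fixed": parse_heartbeat_fixed(honest + SECRET_AFTER_RECORD, len(honest)),
        "malicious_fixed": parse_heartbeat_fixed(malicious + SECRET_AFTER_RECORD, len(malicious)),
        "malicious_vulnerable": parse_heartbeat_vulnerable(malicious + SECRET_AFTER_RECORD, len(malicious)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The vulnerable parser returns the 4-byte payload, the 16 bytes of padding and then 20 bytes of the "secret" that the peer never sent; the real bug allowed up to 64 KB per request, which is why repeated requests could walk through a server's memory. The fixed parser rejects the same message because 1 + 2 + 40 + 16 is larger than the 23-byte record.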

Do not forget about the dangers of ransomware: during the outgoing year the international software company Altran, the Norwegian aluminium producer Norsk Hydro and the American chemical companies Hexion and Momentive all suffered from LockerGoga. Now, at the request of the French authorities, the creators and distributors of LockerGoga are being sought in Ukraine.

The post Check Point named the most dangerous malware of November 2019 appeared first on Gridinsoft Blog.
