Any.Run, an interactive service for automated malware analysis, has compiled a list of the ten most common threats uploaded to the platform. The Emotet Trojan topped this 2019 threat ranking.
The ranking includes malware designed to steal all kinds of confidential information and bank details, as well as remote access tools for controlling a hacked host.
No.1 Emotet – 36,026 samples
The Trojan was first discovered in 2014 and was used to intercept data transmitted through secure connections. Recall that in September of this year, Emotet returned to life after 4 months of inactivity. Operators sent emails containing malicious files and links for malware downloads. The victims of the campaign are users who speak Polish and German.
No.2 Agent Tesla – 10,324
Agent Tesla is an advanced remote access tool (RAT). The malware has been infecting computers since 2014, acting as a keylogger and password stealer.
No.3 NanoCore – 6,527
NanoCore is the most popular tool among all RATs. In addition to providing remote access to the victim host, it can log keys, spy, execute files, capture video and audio, edit the registry, and control the mouse.
No.4 LokiBot – 5,693
LokiBot first appeared on clandestine forums as an information stealer and keylogger, but further development has added various features that allow it to avoid detection and collect confidential information.
No.5 Ursnif – 4,185
Ursnif is usually associated with data theft, but some versions come with components such as backdoors, spyware, or file embedding. Security researchers also associate this threat with the deployment of another piece of malware, GandCrab.
No.6 FormBook – 3,548
The malware was developed to capture data typed on the keyboard in web forms. Its functions include collecting credentials from web browsers (cookies, passwords), creating screenshots, stealing clipboard contents, keeping a key log, downloading and running executable files from the command-and-control server, and stealing passwords from email clients.
No.7 HawkEye – 3,388
The keylogger supports intercepting keystrokes and allows stealing credentials from various applications and the clipboard.
No.8 AZORult – 2,898
The main function of the malware is to collect and extract data from a compromised system, including passwords stored in browsers, mail and FTP clients, cookies, web forms, cryptocurrency wallets, and correspondence in instant messengers.
No.9 TrickBot – 2,510
Initially, TrickBot was used only in attacks against Australian users, but in April 2017, it began to be used in attacks on banks in the USA, Great Britain, Germany, Ireland, Canada, New Zealand, Switzerland, and France. Typically, it is distributed through Emotet and can download other malicious programs to the system (for example, the Ryuk ransomware).
No.10 njRAT – 2,355
njRAT is based on .NET and allows attackers to control the system completely. Previously, the Trojan was distributed via spam messages advertising cheat codes and a license key generator for the game “Need for Speed: World”. It has also been used in several malicious campaigns that use OpenDocument Text (ODT) files.
As noted earlier, the Check Point Research Team published its Global Threat Index report listing the most dangerous malware of November 2019; in that November ranking, alongside the obvious threats to mobile devices, Emotet was also in the lead.