November 30, 2022

TheCyberThrone

Thinking Security ! Always

Most Headlined Malwares in 2021

In yesterday post , we have seen the most headlined ransomware attacks and breaches of 2021 . Today in this post, most prevailed malwares are been captured in alphabetical order. Malwares are treated as a infection vercor and used to take breaches and ransomware attacks to next stage

This year we have seen law enforcement agencies striking against the malware infrastructures rapidly. Despite major efforts from Europol and numerous law enforcement agencies earlier this year to bring down Emotet, the notorious botnet was confirmed to be back, and is even involved with the new variant of Emotet, which is being installed on infected machines using Trickbot’s infrastructure.

  • Dropped Malware delivered by other malware already on the system, an exploit kit, infected third-party software, or manually by a cyber threat actor.
  • Multiple Malware that currently favors at least two vectors.
  • Malspam Unsolicited emails, which either direct users to malicious web sites or trick users into downloading or opening malware.
  • Malvertisement – Malware introduced through malicious advertisements.

Agent Tesla

Agent Tesla is an advanced RAT functioning as a keylogger and information stealer, which is capable of monitoring and collecting the victim’s keyboard input, system keyboard, taking screenshots, and exfiltrating credentials to a variety of software installed on a victim’s machine (including Google Chrome, Mozilla Firefox, and the Microsoft Outlook email client).

CoinMiner

CoinMiner is a cryptocurrency miner that uses Windows Management Instrumentation (WMI) and Eternal Blue to spread across a network. CoinMiner uses the WMI Standard Event Consumer scripting to execute scripts for persistence. CoinMiner spreads through malspam or is dropped by other malware.

Advertisements

CopperStealer

CopperStealer is an infostealer that infects victims via malvertisement. It has multiple capabilities including anti-analysis, account credential theft (specifically service providers like Facebook, Instagram Twitter, Google, Amazon, and PayPal), data exfiltration, and the ability to drop other malware, such as Smokeloader.

CryptoWall

CryptoWall is a ransomware commonly distributed through malspam with malicious ZIP attachments, Java Vulnerabilities, and malicious advertisements. Upon successful infection, CryptoWall will scan the system for drive letters, network shares, and removable drives. CryptoWall runs on both 32-bit and 64-bit systems.

Dridex

Dridex is a Trojan that targets the Windows platform and is reportedly downloaded via a spam email attachment. Dridex contacts a remote server and sends information about the infected system. It can also download and execute arbitrary modules received from the remote server.

Emotet

Emotet is an advanced, self-propagating and modular Trojan. Emotet was once a banking Trojan, but recently has been used as a distributer for other malware or malicious campaigns. It uses multiple methods for maintaining persistence and Evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.

Formbook

Formbook is an Info-stealer that harvests credentials from various web browsers, collects screenshots, monitors, and logs keystrokes, and can download and execute files according to its C&C orders.

Advertisements

Gh0st

Gh0st is a RAT used to control infected endpoints. Gh0st is dropped by other malware to create a backdoor into a device that allows an attacker to fully control the infected device.

Hancitor

Hancitor, also known as Chanitor or Tordal, is a downloader that spreads through malspam containing malicious Microsoft Office documents, links, and attachments. This malware has been known to download additional malware, such as Pony, Ursnif, and Vawtrak,

Jupyter

Jupyter aka SolarMarker, is a .NET infostealer that is downloaded by leveraging SEO-poisoning to create watering hole sites for the purpose of getting unsuspecting user to visit their website and download a malicious document, often a zip or DPF file embedded with a malicious executable. It primarily targets browser data in browsers such as Chrome, Chromium, and Firefox and has full backdoor functionality.

Lokibot 

Lokibot is an Info Stealer distributed mainly by phishing emails and is used to steal various data such as email credentials, as well as passwords to Crypto Coin wallets and FTP servers.

Mirai

Miraj is a malware botnet known to compromise internet of things (IoT) devices in order to conduct large-scale DDoS attacks. Mirai is dropped after an exploit has allowed the attacker to gain access to a machine.

NanoCore

NanoCore is a RAT spread via malspam as a malicious Excel XLS spreadsheet. As a RAT, NanoCore can accept commands to download and execute files, visit websites, and add registry keys for persistence.

Advertisements

Phorpiex

Phorpiex is a botnet known for distributing other malware families via spam campaigns as well as fuelling large scale Sextortion campaigns.

Qbot

Qbot is a banking Trojan that first appeared in 2008, designed to steal users banking credentials and keystrokes. Often distributed via spam email, Qbot employs several anti-VM, anti-debugging, and anti-sandbox techniques, to hinder analysis and evade detection.

Shlayer

Shlayer is a downloader and dropper for MacOS malware. It is primarily distributed through malicious websites, hijacked domains, and malvertizing posing as a fake Adobe Flash updater.

TrickBot

TrickBot is a dominant banking Trojan constantly being updated with new capabilities, features, and distribution vectors. This enables TrickBot to be a flexible and customizable malware that can be distributed as part of multi purposed campaigns.

Ursnif 

Ursnif is a Trojan that targets the Windows platform and steals information and credentials for banking and email accounts. Moreover, it downloads and executes files on the infected system.

Advertisements

XMRig

XMRig is an open-source CPU mining software used for the mining process of the Monero cryptocurrency and was first seen in May 2017.

Zeus

ZeuS is a modular banking trojan which uses keystroke logging to compromise victim credentials when the user visits a banking website. Since the release of the ZeuS source code in 2011, many other malware variants have adopted parts of it’s codebase, which means that events classified as ZeuS may actually be other malware using parts of the ZeuS code.

%d bloggers like this: