Check Point experts have summed up the results for October 2019. According to them, cryptocurrency miners have, for the first time in two years, lost the top spot in the ranking of the most active malware.
Researchers note that the activity of mining malware has continued to decline gradually since 2018, when it was at its peak. In January and February 2018, this type of malware affected more than 50% of organizations worldwide. But just a year later, in January 2019, that figure fell to 30%, and in October of this year miners affected only 11% of companies worldwide.
As a result, the most active malware in October 2019 was the Emotet botnet, which a month earlier had held only fifth place in the ranking and affected 14% of organizations worldwide. At the end of the month, the botnet was actively distributing Halloween-themed spam. The email subjects included greetings (“Happy Halloween”) and invitations to celebrate (“Halloween Party Invitation”), and the messages contained a malicious file.
In second place was XMRig, whose attacks affected 7% of companies worldwide. Trickbot rounded out the top three with a coverage of 6%. As a result, the list of the most active malware in the world is as follows:
- Emotet – Advanced self-propagating modular trojan. Emotet was once an ordinary banking trojan, but has recently been used to spread other malware and campaigns. New functionality allows it to send phishing emails containing malicious attachments or links.
- XMRig – Open source software first discovered in May 2017. Used to mine Monero cryptocurrency.
- Trickbot – One of the dominant banking Trojans, which is constantly updated with new features, functions and distribution vectors. Trickbot is a flexible and customizable malware that can spread through multi-purpose campaigns.
In Russia, the situation is slightly different: first place on the Russian list of the most active malware is still held by the Cryptoloot miner, ahead of XMRig and Emotet.
“The influence of crypto miners on organizations around the world decreased by almost 70% during 2019. Nevertheless, in Russia, the crypto miner Cryptoloot still ranks first in the ranking, affecting just over 15% of organizations,” comments Vasily Diaghilev, head of Check Point Software Technologies in Russia and the CIS.
The list of the most active mobile threats in October 2019 has also changed. In October, the Guerrilla Trojan became the most common mobile threat, followed by Lotoor and AndroidBauts in the ranking.
- Guerrilla – A clicker for Android that can communicate with a command-and-control server, download additional malicious plugins and aggressively generate ad clicks without the consent or knowledge of the user.
- Lotoor – A program that uses vulnerabilities in the Android operating system to obtain privileged root access on compromised mobile devices.
- AndroidBauts – Adware targeting Android users that steals IMEI, IMSI, GPS location and other device information and allows third-party applications to be installed on infected devices.