Most Common Malware To Watch Out For in 2021

Check Point Research, the research division of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), one of the world’s leading providers of cybersecurity solutions, has released its September 2021 Global Threat Index.

As of September, Trickbot is the most popular malware affecting 4% of organizations worldwide, followed by Formbook and XMRig, each affecting 3% of organizations worldwide.

Below is a list of some of the most common malware to watch out for in 2021.

1. Dridex – Dridex is a Trojan that targets the Windows platform and is reportedly delivered via email spam attachments. Dridex communicates with a remote server and sends information about the infected system. It can also download and execute arbitrary modules received from the remote server.

2. Agent Tesla – Agent Tesla is able to monitor and collect information entered by the user, capture screenshots, and extract credentials from various software installed on the victim’s computer, such as Google Chrome, Mozilla Firefox and the Microsoft Outlook e-mail program.

3. Trickbot – Trickbot is a banking trojan that is constantly updated with new features. This allows Trickbot to be a flexible and customizable malware that can be distributed as part of multipurpose campaigns.

It targets Windows platforms and is mainly distributed via spam or by other malware families such as Emotet. Trickbot sends information about the infected system and can also download and execute arbitrary modules from a wide range of available ones, such as a VNC module for remote control or an SMB module for spreading within an affected network. Once a machine is infected, the threat actors behind Trickbot use this wide range of modules not only to steal bank credentials from the target computer, but also to move laterally and identify the organization itself before launching a targeted attack.

4. xHelper – xHelper is a malicious application that has been in the spotlight since March 2019 and is used to download other malicious applications and display ads. The application is able to “hide” from the user and be reinstalled automatically in case it is uninstalled. In September, xHelper remained at the forefront of the most prevalent mobile malware, followed by AlienBot and FluBot.

5. Triada – Triada infects Android devices and grants super-user privileges to downloaded malware.

6. Hiddad – Hiddad is an Android malware that repackages legitimate applications and then releases them on a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the operating system.

7. FormBook – FormBook is an information stealer first detected in 2016 that targets the Windows operating system. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files as instructed by its C&C. It is advertised on hacking forums as a tool with strong evasion techniques and a relatively low price.

8. Joker – Joker reaches the device through Google Play and is designed to steal SMS messages, contact lists and device information. In addition, the malware silently signs the victim up for premium services on advertising websites.

9. XMRig – XMRig is software used to mine the Monero cryptocurrency; it was first observed in the wild in May 2017.

10. Remcos – Remcos is distributed through malicious Microsoft Office documents attached to spam emails and is designed to bypass Microsoft Windows security and run malicious software with high privileges.

11. Danabot – Danabot targets the Windows platform. The malware sends information to its command-and-control server and downloads and decrypts a file to run on the infected computer. Additionally, the malware creates a shortcut in the user’s startup folder to ensure that it persists on the infected system.

12. AlienBot – The AlienBot malware family is a Malware-as-a-Service (MaaS) offering for Android devices that allows a remote attacker, as a first step, to inject malicious code into legitimate financial applications. The attacker gains access to the victims’ accounts and eventually takes full control of their device.

13. FluBot – FluBot is malicious Android software that is distributed via phishing SMS messages and usually impersonates logistics companies. As soon as the user clicks on the link in the message, FluBot is installed and gains access to all the sensitive information on the phone.

Malware Families

  • AgentTesla is an advanced RAT (Remote Access Trojan) that acts as a keylogger and password stealer. Active since 2014, AgentTesla can monitor and collect the victim’s keyboard input and system clipboard, capture screenshots, and extract credentials from a variety of software installed on the victim’s machine (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client). AgentTesla is sold openly as a legitimate RAT, with customers paying $15 to $69 for licenses.
  • Remcos is a RAT first introduced in 2016. Remcos is distributed through malicious Microsoft Office documents attached to spam emails and is designed to bypass Microsoft Windows UAC security and run malware with high-level privileges.
  • NanoCore is a remote access Trojan, first observed in the wild in 2013 and targeting users of the Windows operating system. All versions of the RAT have basic add-ons and features such as screen capture, cryptocurrency mining, remote desktop control and webcam session theft.

Most VPN providers have features that can block malicious websites or ads; therefore they offer indirect protection from malware infections and other threats.