Qbot has become the most widespread banking Trojan, surpassing Emotet, according to new figures.
According to new Check Point Global Threat Index figures for December XNUMX, Qbot (also known as Qakbot) affected seven percent of organizations globally, ranking ahead of Emotet (four percent).
Based on proprietary data, the Check Point report states that, alongside Qbot and Emotet, XMRig rounded out the top three most common malware programs in the last month of the year.
Exploit known vulnerabilities
XMRig, which affects three percent of companies worldwide, is a cryptominer, a program that "mines" the XMR cryptocurrency for attackers. It is a popular application that threat actors mainly seek to install on servers and other high-end machines.
When it comes to mobile devices, an entirely different set of malware prevailed. Anubis was the most popular variant, followed by Hiddad and AlienBot.
But in order to install this malware, hackers must have a way to access the target endpoints, which is done primarily through known vulnerabilities.
“Web Server Exposed Git Repository Information Disclosure” was the most commonly exploited vulnerability, Check Point stated, affecting nearly half (46%) of organizations globally. “Malicious URL Directory Traversal Web Server” ranks second, affecting 3% of companies worldwide. The top XNUMX was completed by “Command Injection Over HTTP”, at 43%.
Education and research continued to be the most targeted industries, ahead of the government and military, and health care.
"The focus of our latest research is how malware often masquerades as legitimate software to give hackers backdoor access to devices without arousing suspicion," said Maya Horowitz, vice president of research at Check Point Software. "why it is essential to exercise due diligence when downloading software and applications or clicking on links, regardless of their authenticity."
Last year, hackers were busy creating fake landing pages and tricking people into downloading malware or leaking sensitive data. In one case, in late October last year, Malwarebytes cybersecurity researchers uncovered a major campaign that used more than XNUMX landing pages to gain access to users' checking accounts.