August’s top malware

November 18, 2022

The Check Point Global Threat Index for August 2022 reports that FormBook is now the most prevalent malware, taking over from Emotet, which has held that position since its reappearance in January.

FormBook is an infostealer targeting Windows OS which, once deployed, can harvest credentials, collect screenshots, monitor and log keystrokes as well as download and execute files according to its command and control (C&C) orders. Since it was first spotted in 2016, it has continued to make a name for itself, marketed as a malware as a service (MaaS) in underground hacking forums, known for its strong evasion techniques and relatively low price.

August also saw a rapid increase in GuLoader activity, which resulted in it being the fourth most widespread malware. GuLoader was initially used to download Parallax RAT but has since been applied to other remote access trojans and infostealers such as Netwire, FormBook and Agent Tesla. It’s commonly distributed through extensive email phishing campaigns that lure the victim into downloading and opening a malicious file, allowing the malware to get to work.

Additionally, we saw that Joker, an Android spyware, is back in business and has claimed third place in the top mobile malware list this month. Once Joker is installed, it can steal SMS messages, contact lists and device information as well as sign the victim up for paid premium services without their consent. Its rise can partially be explained by an increase in campaigns, as it was recently spotted in some Google Play Store applications.

The shifts that we see in this month’s index, from Emotet dropping from first to fifth place to Joker becoming the third most prevalent mobile malware, reflect how fast the threat landscape can change. This should be a reminder to individuals and companies alike of the importance of keeping up to date with the most recent threats, and that knowing how to protect yourself is essential. Threat actors are constantly evolving, and the emergence of FormBook shows we can never be complacent about security and must adopt a holistic, prevent-first approach across networks, endpoints and the cloud.

This month the education/research sector is still the most targeted industry by cybercriminals globally, with government/military and healthcare taking second and third place as the most attacked sectors. “Apache Log4j Remote Code Execution” returns to first place as the most exploited vulnerability, impacting 44% of organizations worldwide, after overtaking “Web Server Exposed Git Repository Information Disclosure” which had an impact of 42%.

Top attacked industries globally

  1. Education/research
  2. Government/military
  3. ISP/MSP

Top mobile malware

This month AlienBot is the most prevalent mobile malware, followed by Anubis and Joker.

  1. AlienBot – AlienBot is a banking Trojan for Android, sold underground as a malware as a service (MaaS). It supports keylogging, dynamic overlays for credential theft, as well as SMS harvesting for 2FA bypass. Additional remote control capabilities are provided by using a TeamViewer module.
  2. Anubis – Anubis is a banking Trojan malware designed for Android mobile phones. Since it was initially detected, it has gained additional functions including remote access Trojan (RAT) functionality, keylogger and audio recording capabilities as well as various ransomware features. It has been detected on hundreds of different applications available in the Google Store.
  3. Joker – An Android spyware in Google Play, designed to steal SMS messages, contact lists and device information. The malware can also sign the victim up for paid premium services without their consent or knowledge.