Check Point specialists have published their cyber threat rating, which highlights key trends in the cybersecurity landscape. According to the report, Fakeupdates remains the most prevalent malware, playing a significant role in extortion attacks and affecting 4% of organizations globally. Formbook and Remcos follow closely, each infecting 3% of companies.
The study found that attackers are increasingly using artificial intelligence and complex masking techniques to conceal malicious processes within systems. A recent case involving the RansomHub group featured a Python-based backdoor that was deployed right after the initial infection through Fakeupdates. This backdoor provided continuous access to the system, enabling the attackers to move laterally across the network using RDP and to set up scheduled tasks to maintain their presence.
The ranking of the most active malware includes:
- Fakeupdates (SocGholish) – malware distributed through infected sites posing as browser updates, used by the Evil Corp group to download secondary malware, including ransomware.
- Formbook – an infostealer that gathers passwords from browsers, takes screenshots, and records keystrokes, distributed via phishing emails and infected sites.
- Remcos – a remote access Trojan (RAT) capable of bypassing Windows protection mechanisms and obtaining administrative privileges.
- Androxgh0st – Python-based malware that targets applications using the Laravel PHP framework, searching for files containing confidential data, including access details for cloud services.
- AsyncRAT – a remote access Trojan that grants hackers full control over the system and allows data theft.
- SnakeKeylogger – malicious software that logs keystrokes in order to steal sensitive data.
- Phorpiex – a botnet known for spam distribution, theft programs, and mass fraudulent activities.
- Rilide – a malicious extension for Chrome and Edge browsers that steals user data and intercepts two-factor authentication.
- Amadey – a botnet that serves as a gateway for other malware, including banking Trojans.
- AgentTesla – an advanced RAT that collects browser passwords and spies on users.
In the mobile segment, the following threats are prevalent:
- Anubis – a banking Trojan for