Threat report in June: new bank malware malibot poses a threat to mobile banking users

Check Point Research New Android Bank malware MaliBot. With new variants Emotet Still the most rampant malware ,Snake Keyboard recorder jumped from eighth to third .

2022 year 7 month , The world's leading provider of network security solutions Check Point Software Technology Co., Ltd （ Nasdaq stock code ：CHKP） Threat Intelligence Check Point Research (CPR) Published its 2022 year 6 The latest edition of the month 《 Global threat index 》 The report .CPR According to the report , stay 5 End of month FluBot After being hit , There has been a phenomenon called MaliBot Brand new Android Bank malware .

Although it has just been discovered , But bank malware MaliBot It has ranked third in the list of the most rampant mobile malware . It disguises itself as a cryptocurrency mining application with different names , And aim at mobile bank users to steal financial information .MaliBot Be similar to FluBot, Use phishing SMS （ SMS fraud ） Trick the victim into clicking on a malicious link , Thus redirecting it to the download of fake applications containing malware .

Also this month ,Emotet Still the most rampant malware on the whole . Here's the thing to watch , Since ranking eighth in the list last month ,Snake Keyloggers are becoming more active , Then it rose to the third place .Snake Its main function is to record the number of keystrokes of the user and transmit the collected data to the attacker . Although in 5 month ,CPR Found out Snake Keyboard recorder passes PDF File dissemination , But recently it has been through the inclusion Word The attachment （ Mark as RFQ ） E-mail to spread . Besides , The researchers are still 6 Monthly report Emotet New variation of , This variant has the function of credit card theft , And point the attack at Chrome Browser users .

Check Point Vice president of research, software technology company Maya Horowitz Express ：“ I'm glad to see that the law enforcement department has successfully cracked down on FluBot Such malware and the criminal organization behind it , Unfortunately, it didn't take long , A new kind of mobile malware will replace it . Cyber criminals are well aware that mobile devices play a central role in the lives of many people , Therefore, they have been adjusting and improving their strategies according to their behavior . The threat situation is evolving rapidly , Mobile malware poses a major threat to personal and corporate security . Deploying powerful mobile threat defense solutions has become unprecedented important .”

CPR Also pointed out ,“Apache Log4j Remote code execution ” Is the most frequently exploited vulnerability , The global 43% Our institutions suffer , Next to that is “Web Server Exposed Git Repository information disclosure ”, The global scope of influence is 42.3%.“Web The server is malicious URL Directory traversal vulnerability ” In third place , The global scope of influence is 42.1%.

The number one malware family

* The arrow indicates the ranking change compared with the previous month .

This month, ,Emotet Still the number one malware , The global 14% The institutions affected by it , The second is Formbook and Snake Keyboard recorder , Both affect the world 4.4% Enterprises and institutions .

 Emotet - Emotet It is an advanced modular Trojan horse that can spread itself .Emotet Once used as a bank Trojan horse , But it has recently been used as a propagator of other malware or malicious attacks . It uses a variety of methods and evasion techniques to ensure long-term stability and avoid detection . Besides , It can also be spread through phishing spam that contains malicious attachments or links .

 Formbook – Formbook Is aimed at Windows Information stealing program of operating system , On 2016 It was first discovered in nineteen seventy-two . Due to its powerful circumvention technology and relatively low price , It is used as malware as a service in the underground hacker Forum (MaaS) To sell .Formbook Available from various Web Get credentials in the browser 、 Collect screenshots 、 Monitor and record keystrokes , And according to its C&C Command download and execute files .

↑ Snake  Keyboard recorder  - Snake It's a modular .NET Keylogger and credential theft program , On 2020 year 11 It was first discovered in late September . Its main function is to record the number of keystrokes of the user and transmit the collected data to the attacker .Snake Infection poses a major threat to user privacy and online security , Because as a particularly hidden and persistent keyboard recorder , The malware can steal almost all kinds of sensitive information .

The industry that bears the brunt in the world

This month, , education / The research industry is still the world's top target , Second, the government / The military sector and the medical industry .

Education and Research

The government / military

Medical care

Mainly mobile malware

AlienBot  Is the most rampant mobile malware this month , The second is  Anubis  and  MaliBot.

AlienBot - AlienBot The malware family is a family that targets Android Device malware as a service (MaaS), It allows remote attackers to first inject malicious code into legitimate financial applications . An attacker can gain access to the victim's account , And finally completely control its equipment .

Anubis - Anubis It's a kind of special for Android Bank Trojan horse designed by mobile phone . Since the initial detection , It already has some additional functions , Including remote access Trojans (RAT) function 、 Keyboard recorder 、 Recording function and various blackmail software features . The bank Trojan has been detected in hundreds of different applications provided by Google store .

MaliBot – Malibot It is aimed at Spanish and Italian users Android Bank malware . The bank malware disguised itself as a cryptocurrency mining application with different names , Focus on stealing financial information 、 Encrypt wallets and more personal data . 

Check Point《 Global threat impact index 》 And its 《ThreatCloud The roadmap 》 be based on Check Point ThreatCloud Written from intelligence data .ThreatCloud The Real-time Threat Intelligence provided comes from the deployment in the global network 、 Hundreds of millions of sensors on endpoints and mobile devices .AI The engine and Check Point Information and Research Department of software technology company Check Point Research Our exclusive research data further enrich the intelligence content .

About  Check Point Research

Check Point Research Can be Check Point Software Customers and the entire intelligence community provide leading cyber Threat Intelligence .Check Point The research team is responsible for collecting and analyzing ThreatCloud Stored global cyber attack data , In order to prevent hackers at the same time , Ensure that all Check Point All products enjoy the latest protection measures . Besides , The team consists of 100 A number of analysts and researchers , Be able to work with other security vendors 、 Law enforcement agencies and various computer security emergency response teams cooperate .

About  Check Point  Software Technology Co., Ltd  

Check Point Software Technology Co., Ltd It is a leading provider of network security solutions for governments and enterprises around the world .Check Point Infinity Solution portfolio for malware 、 The capture rate of ransomware and other threats is at the industry-leading level , It can effectively protect enterprises and public organizations from the fifth generation network attacks .Infinity It contains three core pillars , It can provide excellent security protection and fifth generation threat protection across enterprise environments ：Check Point Harmony（ For remote users ）;Check Point CloudGuard（ Automatically protect the cloud environment ）;Check Point Quantum（ Effectively protect network boundaries and data centers ）— All of this is through the most comprehensive 、 Intuitive unified safety management for control .Check Point Provide protection for more than 100000 enterprises of all sizes .