Qbot has become the most prevalent banking Trojan, ranking first in Emotet, according to new figures.
According to new Check Point Global Threat Index figures for December 2022, Qbot (also known as Qakbot) affected 7% of organizations worldwide, retaking the number one spot from Emotet (4%).
Based on proprietary data, Check Point’s report says that, in addition to Qbot and Emotet, XMRig completed the top three malware in the last month of the year.
Exploit known vulnerabilities
XMRig, which affects 3% of companies worldwide, is a cryptominer, a program that “mines” the XMR cryptocurrency for attackers. It is a popular application, which threat actors mainly intend to install on servers and other high-end machines.
When it comes to mobile devices, a completely different set of malware has prevailed. Anubis was the most frequent variant, followed by Hiddad and AlienBot.
But in order to install this malware, hackers must have some way to access the target endpoints, which is mostly done through known vulnerabilities.
“Web Server Exposed Git Repository Information Disclosure” was the most commonly exploited vulnerability, Check Point said, affecting nearly half (46%) of organizations globally. “Web Server Malicious URL Directory Traversal” ranked second with 44% of companies worldwide affected. The top three were completed with “Command INjection Over HTTP” – 43%.
Education and research continued to be the most targeted industries, ahead of government and the military, and health care.
“The overwhelming theme of our latest research is how malware (opens in a new tab) it often masquerades as legitimate software to give hackers backdoor access to devices without raising suspicion. said Maya Horowitz, vice president of research at Check Point Software. “That’s why it’s important to do your due diligence when downloading any software and apps or clicking on links, regardless of how genuine they look.”
Last year, hackers were busy creating fake landing pages, tricking people into downloading malware or giving away sensitive data. In just one case, in late October last year, Malwarebytes cybersecurity researchers uncovered a major campaign that leveraged more than 200 landing pages used to gain access to people’s bank accounts.
