Date: 2021-12-19

Check Point Research’s November 2021 Global Threat Index shows that Trickbot remains at the top of the most prevalent malware list, but that the newly re-emerged Emotet already ranks seventh. For Maya Horowitz, vice president of research at Check Point Software Technologies, this return is worrisome, as it could lead to an increase in attacks.

Emotet has been distributed through phishing emails carrying infected Word, Excel and Zip files. The emails use subject lines related to current news, fake invoices and corporate memos. In addition, Emotet poses as Adobe software and spreads via malicious Windows App Installer packages.

Because it uses the Trickbot infrastructure, Emotet needs less time to build a meaningful base. Maya recalls that Emotet is one of the most successful botnets in cyberspace history. “It is responsible for the explosion of targeted ransomware attacks in recent years,” she says.

The Global Threat Index uses Check Point’s ThreatCloud intelligence, a collaborative network for fighting cybercrime that inspects more than 3 billion websites and 600 million files daily. Every day, more than 250 million malware activities are identified.

Emotet arrives, most of the time, by phishing (Image: Reproduction/Pixabay/Elchinator)

Therefore, user awareness and education are crucial and should be at the top of organizations’ priority list. “Furthermore, anyone who wants to download Adobe software must remember, as with any application, to do so only through official means,” she says.

The most attacked sector in the month was Education/Research, followed by Communications and Government/Military. The most exploited vulnerability is “Web Servers Malicious URL Directory Traversal”, which affects 44% of organizations globally. Next comes “Web Server Exposed Git Repository Information Disclosure”, which reaches 43.7% of companies worldwide. “HTTP Headers Remote Code Execution” is in third place, with a global impact of 42%.

In Brazil, the top malware families in November were Trickbot (4.53% impact on organizations), XMRig (4.39%) and Glupteba (4.39%). In the country, Emotet appears in eighth place and affects 1.94% of companies.

Top mobile malware

In November, AlienBot was ranked first in the most prevalent mobile malware index. The next ones were xHelper and FluBot.

Much mobile malware targets Android (Image: Replay/Techzdudes)

AlienBot is a Malware-as-a-Service (MaaS) offering for Android. With it, a remote attacker can inject malicious code into legitimate financial applications. The attacker then gains access to the victims’ accounts and may even take complete control of the device.

xHelper, in turn, is used to download malicious applications and display advertisements. It is able to hide itself from the user and reinstalls itself if uninstalled. It is distributed via phishing SMS messages, most of the time impersonating delivery and logistics brands. Once installed, it gets access to all confidential information on the phone.