Guerilla Archives – Gridinsoft Blog Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe. Fri, 24 Jun 2022 19:54:04 +0000 en-US hourly 1 https://wordpress.org/?v=97407 200474804 Greta Thunberg became the most popular character in phishing campaigns https://gridinsoft.com/blogs/greta-thunberg-became-the-most-popular-character-in-phishing-campaigns/ https://gridinsoft.com/blogs/greta-thunberg-became-the-most-popular-character-in-phishing-campaigns/#respond Fri, 17 Jan 2020 21:29:48 +0000 https://blog.gridinsoft.com/?p=3365 Check Point analysts prepared a traditional monthly report on the most active threats, the Global Threat Index. Greta Thunberg and Christmas became the most popular topics in spamming and phishing campaigns. For already three months, the Emotet Trojan has occupied one of the leading positions among malware: in December, Emotet affected 13% of organizations worldwide,… Continue reading Greta Thunberg became the most popular character in phishing campaigns

The post Greta Thunberg became the most popular character in phishing campaigns appeared first on Gridinsoft Blog.

]]>
Check Point analysts prepared a traditional monthly report on the most active threats, the Global Threat Index. Greta Thunberg and Christmas became the most popular topics in spamming and phishing campaigns.

For already three months, the Emotet Trojan has occupied one of the leading positions among malware: in December, Emotet affected 13% of organizations worldwide, comparing with 9% in November.

Basically, the trojan is distributed through spam mailings, which exploit the most relevant topics in the headings today. In December, for example, among them were: “Support Greta Thunberg – Time Person of the Year 2019” and “Christmas Party!”.

“The emails in both campaigns contained a malicious Microsoft Word document. When it is opened, it tried to download Emotet on the victim’s computer. Ransomware and other malware can spread through Emotet”, – reported Check Point specialists.

In December also significantly increased use of remote command injection via HTTP: 33% of organizations worldwide suffered this. If the criminals managed to exploit the vulnerability, the DDoS botnet payload entered the victims’ machines. The malicious file used in the attacks also contained a number of links to payloads, exploiting vulnerabilities in different IoT devices.

Devices of manufacturers such as D-Link, Huawei and RealTek were potentially vulnerable to these attacks.

“Over the past three months, the main threats have been universal multipurpose malware, such as Emotet and xHelper. They give cybercriminals many opportunities to monetize attacks, as they can be used to distribute ransomware or spread new spam campaigns. The goal of criminals is to penetrate and gain a foothold in the largest possible number of organizations and devices, so that subsequent attacks are more profitable and destructive. Therefore, it is very important that organizations inform their employees about the risks of opening and downloading email attachments or clicking on links that do not come from a reliable source”, – say experts at Check Point Software Technologies.

The most active threats of December 2019:

  • Emotet – Emotet is an advanced, self-propagating and modular Trojan. Emotet used to be a banking Trojan, but recently has been used as a distributor of other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.
  • XMRig – XMRig is an open-source CPU mining software used for mining Monero cryptocurrency, first seen in-the-wild on May 2017.
  • Trickbot – Trickbot is a dominant banking Trojan constantly being updated with new capabilities, features and distribution vectors. This enables Trickbot to be a flexible and customizable malware that can be distributed as part of multi purposed campaigns.

The most active mobile threats in December 2019:

  • xHelper – active since March 2019, and was used to download other malicious applications and display ads. The application is able to hide from the user and antivirus programs, and reinstall itself if the user uninstalls it.
  • Guerilla – a clicker that can interact with the management server, download additional malicious plugins and aggressively boost clicks on ads without the consent or knowledge of the user.
  • Hiddad is a modular backdoor for Android, which provides superuser rights to various malware, and also helps to introduce it into system processes. It can access key security mechanisms built into the OS, which allows it to receive confidential user data.

In the report by Any.Run, an interactive service for automated malware analysis, Emotet was named the main threat for the entire 2019.

The post Greta Thunberg became the most popular character in phishing campaigns appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/greta-thunberg-became-the-most-popular-character-in-phishing-campaigns/feed/ 0 3365
Check Point named the most dangerous malware of November 2019 https://gridinsoft.com/blogs/check-point-named-the-most-dangerous-malware-of-november-2019/ https://gridinsoft.com/blogs/check-point-named-the-most-dangerous-malware-of-november-2019/#respond Thu, 19 Dec 2019 16:01:24 +0000 https://blog.gridinsoft.com/?p=3294 Check Point Research Team, Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a global cybersecurity solutions provider, published the Global Threat Index report, listing the most dangerous malware of November 2019. Experts said that for the first time in three years, a mobile Trojan entered the general list of malware, and it has become the most… Continue reading Check Point named the most dangerous malware of November 2019

The post Check Point named the most dangerous malware of November 2019 appeared first on Gridinsoft Blog.

]]>
Check Point Research Team, Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a global cybersecurity solutions provider, published the Global Threat Index report, listing the most dangerous malware of November 2019.

Experts said that for the first time in three years, a mobile Trojan entered the general list of malware, and it has become the most widespread mobile threat in the last month.

The XHelper Mobile Trojan has been active since March 2019. A multi-purpose trojan designed for Android users is able to download other malicious applications and display malicious ads.

“The application is able to hide itself from user and mobile anti-virus programs and reinstall itself if the user uninstalls it. Over the past six months, the malware code has been constantly updated, which helped him bypass mobile anti-virus solutions and continue to infect new devices”, – say the researchers.

As a result, he took 8th place in the top 10 malware.

XHelper is a versatile, multi-purpose malware that can be adapted to the needs of criminals, such as ransomware, spam campaigns, or malicious ads.

Researchers also note the activity of the Formbook infostiller – it affected almost 12% of organizations. The main danger of Formbook and other similar programs is that for a long time they can go unnoticed in order to collect as much information as possible from the victim’s device. Info-dealers can steal information about bank account, credit card number, phone number and more.

“Now criminals are trying to use several different tactics to monetize their operations, instead of following a single trend, such as crypto mining, which dominated in 2018. Therefore, it is important that organizations implement the latest generation of anti-virus solutions not only in their networks, but also on employees’ mobile devices, in order to protect all enterprise endpoints. It is necessary regularly remind employees of the dangers of opening attachments from emails or clicking on links that come from unknown sources”, – tell representatives of Check Point Software Technologies.

The most active malware in November 2019 in the world was:

Emotet maintained its position in the top of the list of malware, affecting 9% of organizations in the world. XMRig (7%) and Trickbot (6%) are in the second and third place respectively.

  1. Emotet is an advanced self-propagating modular trojan. Emotet was once an ordinary banking trojan, and has recently been used to further spread malware and campaigns. The new functionality allows sending phishing emails containing malicious attachments or links.
  2. XMRig is open source software first discovered in May 2017. Used to mine Monero cryptocurrency.
  3. Trickbot – one of the dominant banking trojans, which is constantly updated with new features, functions and distribution vectors. Trickbot is a flexible and customizable malware that can spread through multi-purpose campaigns.

The most active mobile threats in November 2019:

xHelper, the new program on the list, has become the most common malware for mobile devices. It is followed by Guerilla and Lotoor.

  1. xHelper is a malicious Android application, active since March 2019, it was used to download other malicious applications and display ads. The application is able to hide itself from user and mobile anti-virus programs and reinstall itself if the user uninstalls it.
  2. Guerilla – clicker for Android, which can interact with the remote control server, download additional malicious plugins and aggressively clicks on ads without the consent of the user.
  3. Lotoor – a program that uses vulnerabilities in the Android operating system to obtain privileged root access on hacked mobile devices.

The most common vulnerabilities in November 2019:

  1. SQL injection – inserting SQL code into the input from the client to the page using a vulnerability in the application software.
  2. HeartBleed error in OpenSSL TLS DTLS software (CVE-2014-0160; CVE-2014-0346) – a vulnerability exists in OpenSSL that could reveal the contents of memory on a server or on a connected client. The vulnerability related to an error when processing Heartbeat TLS/DTLS packets.
  3. Remote code execution MVPower DVR. An MVPower DVR device has a remote code execution vulnerability. An attacker could use this vulnerability to execute arbitrary code on a vulnerable router using a specially crafted request.

A complete list of the top 10 malware families for November can be found on the Check Point blog.

Do not forget about the dangers of various ransomware programs, as, for example, the international software company Altran, the Norwegian aluminum producer Norsk Hydro, as well as the American chemical companies Hexion and Momentive suffered from LockerGoga during the outgoing year. Now LockerGoga creators and distributorS, at the request of the French authorities, are looked for in Ukraine.

The post Check Point named the most dangerous malware of November 2019 appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/check-point-named-the-most-dangerous-malware-of-november-2019/feed/ 0 3294