Check Point experts presented their monthly Global Threat Index report. In March 2020, the banking Trojan Dridex entered the top 10 most active malware for the first time and immediately took third place.
Researchers recall that Dridex is a type of banking malware that appeared back in 2011 and attacks Windows-based machines. However, over the past ten years, the trojan has been significantly redesigned, and now attackers (including the famous Evil Corp group) use it in the early stages of an attack to download ransomware such as BitPaymer and DoppelPaymer.
Dridex activity increased after several spam mailings that contained malicious attachments (Excel files). The attacks were aimed at stealing users’ personal data, as well as bank card data for subsequent withdrawal of funds.
“For the first time in many years, Dridex has taken one of the leading positions in the ranking of active malware. This proves the flexibility with which fraudsters change their attack methods. This type of malware can be very profitable for scammers, so you should be careful about the files we receive daily by email”, – said Maya Horowitz, head of the Check Point Software Technologies cyber intelligence team.
As a result, the top 3 most active malware in March 2020 were as follows:
- XMRig – open source software, first discovered in May 2017. Used for mining the Monero cryptocurrency and configured to attack Intel servers;
- Jsecoin – a JavaScript miner that can run mining directly in the browser in exchange for displaying ads, in-game currency and other incentives;
- Dridex – a banking Trojan that infects Windows. Dridex is distributed through spam mailings and exploit kits, and uses web injects to intercept personal data, as well as user bank card data.
In March, XMRig continued to lead the list of the most common malware, attacking 5% of organizations worldwide, followed by Jsecoin and Dridex, covering 4% and 3% of organizations, respectively.
Experts note that the Pykspa malware, which is spread via instant messaging on Skype, also entered the top 10 most active malware. Once it gains access to a device, the malware extracts users’ personal information.
“Pykspa’s malware activity growth is easily explained. People in self-isolation are more likely to use various programs to communicate with relatives, colleagues and friends. These programs have become one of the main goals of hackers”, – said Check Point Software Technologies representative Vasily Diaghilev.
The list of the most active mobile threats practically did not change in March: xHelper kept first place in the list of the most common mobile malware, followed by AndroidBauts and Lotoor.