Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

No.1 malware in November 2023: new AsyncRAT attacks break out

2024-05-30 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >

Share

Shulou(Shulou.com)12/24 Report--

Researchers have discovered a new type of AsyncRAT attack in which malicious HTML files are used to spread covert malware.

In December 2023, Check Point ®Software Technology Co., Ltd. (Nasdaq: CHKP), the world's leading provider of cyber security solutions, released its November 2023 Global threat Index report. Last month, researchers discovered a new type of AsyncRAT attack in which malicious HTML files were used to spread

Hidden malware. Meanwhile, FakeUpdates, the JavaScript downloader, jumped directly to second place two months after falling out of the top 10, while education remains the most affected industry in the world.

AsyncRAT is a remote access Trojan horse (RAT), which has attracted much attention because of its ability to remotely monitor and manipulate computer systems without being noticed. The malware, which ranked sixth in the top 10 last month, uses a variety of file formats such as PowerShell and BAT to implement process injection. In the AsyncRAT attack discovered last month, the recipient received an email containing an embedded link, which triggered the download of a malicious HTML file and triggered a series of events. This means that the malware can disguise itself as a trusted application to evade detection.

Meanwhile, FakeUpdates, the downloader, returned to the top malware list after two months of silence. The malware distribution framework is written in JavaScript to trick users into running virtual browser updates by deploying infected websites and causing further damage through many other malware, including GootLoader, Dridex, NetSupport, DoppelPaymer, and AZORult.

"November's cyber threat shows that attackers are using seemingly harmless methods to invade the network," said Maya Horowitz, vice president of research at Check Point Software Technology. The outbreak of AsyncRAT attacks and the resurgence of FakeUpdates highlight a trend that attackers begin to use seemingly simple methods to bypass traditional defense mechanisms. This shows that enterprises need to adopt a multi-layer protection approach, not only to identify known threats, but also to be able to identify, defend, and respond to new attack vectors as a precaution. "

CPR also pointed out that "HTTP payload command line injection" is the most frequently exploited vulnerability, resulting in 45 per cent of institutions worldwide suffering, followed by "Web server malicious URL directory traversal vulnerability", affecting 42 per cent of organizations worldwide. "Zyxel ZyWALL command injection (CVE-2023-28771)" ranks third, with 41 per cent of global reach.

Number one malware family

* the arrow indicates the change in ranking compared to last month.

Formbook was the most rampant malware last month, affecting 3 per cent of institutions worldwide, followed by FakeUpdates and Remcos, affecting 2 per cent and 1 per cent of organizations, respectively.

1. Formbook-Formbook is for Windows

The information theft program of the operating system was first discovered in 2016. Because of its powerful circumvention technology and

At a relatively low price, it is sold as a malware as a service (MaaS) in underground hacker forums. FormBook can obtain credentials from various Web browsers, collect screenshots, monitor and record the number of keystrokes, and download and execute files according to its clockC commands.

2. ↑ FakeUpdates-FakeUpdates (aka SocGholish) is a download program written in JavaScript. It writes the payload to disk before starting it. FakeUpdates causes further damage through many other malware, including GootLoader, Dridex, NetSupport, DoppelPaymer, and AZORult.

3. Remcos-Remcos is a remote access Trojan horse that first appeared in 2016. Remcos spreads itself through malicious Microsoft Office documents that accompany spam emails and is designed to bypass Microsoft Windows UAC security and execute malware with advanced privileges.

Major mobile malware

Last month, Anubis still topped the list of the most rampant mobile malware, followed by AhMyth and SpinOk.

1. Anubis-Anubis is a kind of bank Trojan malware designed for Android mobile phones. Since it was initially detected, it has some additional functions, including remote access Trojan (RAT) function, keylogger, recording function and various blackmail software features. The bank Trojan has been detected in hundreds of different apps offered by the Google Store.

2. AhMyth-AhMyth is a remote access Trojan horse (RAT) that was discovered in 2017 and can be spread through Android apps on app stores and various websites. When users install these infected applications, the malware can collect sensitive information from the device and perform operations such as keyloggings, screenshots, sending text messages and activating cameras, which are often used to steal sensitive information.

3. SpinOk-SpinOk is an Android software module used as spyware that collects file information saved on the device and transmits it to the attacker. As of May 2023, the malicious module has been found in more than 100 Android applications, with more than 421 million downloads.

Check Point's Global threat impact Index and its ThreatCloud Roadmap are based on Check Point ThreatCloud intelligence data. ThreatCloud provides real-time threat intelligence from hundreds of millions of sensors deployed on global networks, endpoints and mobile devices. This intelligence is further enriched by exclusive research data from the AI engine and Check Point Research, the intelligence and research division of Check Point Software Technologies.

For a complete list of the top 10 malware families in November, visit the Check Point blog.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

IT Information

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report