According to the Check Point Global Threat Index, malware is more active than ever: new families are emerging and some existing ones are gaining momentum. In Chile, Qbot (also known as Qakbot) became the most dangerous, affecting 6.7% of local companies. Emotet follows, with 4.3%.
Qbot has become a malware distribution service that cybercriminal groups use for various activities, including ransomware attacks. Its impact around the world has been such that, in the United States, the FBI set up a complex operation to disrupt it, called “Duck Hunt”, in which they control the botnet to remove the malware from many devices. “Dismantling QBot is an important step forward in the fight against cybercrime, but we can’t be complacent because when one goes down, another takes over,” explained Maya Horowitz, vice president of research at Check Point Software. “We must all remain vigilant, work together and continue to practice good security across all attack vectors.”
The 3 most searched malware in Chile last month
1. Qbot – Qbot (AKA Qakbot) is a banking Trojan that first appeared in 2008. It is designed to steal banking credentials and keystrokes. Often distributed via spam email, Qbot uses various anti-VM, anti-debugging, and anti-sandbox methods to avoid detection. The Trojan's incidence among companies in Spain has increased to 7%.
2. Emotet – Emotet is an advanced, self-propagating, modular Trojan that was once used as a banking Trojan and now distributes other malware or malicious campaigns. Emotet uses several methods to maintain persistence and evasion techniques to avoid detection, and may spread through phishing spam emails with malicious attachments or links. In recent weeks, its impact reached 4.3%.
3. Fakeupdates – Fakeupdates (AKA SocGholish) is a downloader written in JavaScript. Payloads are written to disk before they are launched. Fakeupdates leads to further compromise through several additional malware families, including GootLoader, Dridex, NetSupport, DoppelPaymer, and AZORult. The downloader affected 3.4% of companies in Chile.
Among mobile malware, the most dangerous worldwide are Anubis, AhMyth and SpinOk. Anubis is a banking Trojan designed for Android mobile phones. Since it was first detected, it has acquired additional features, including Remote Access Trojan (RAT) capabilities, a keylogger, audio recording and various ransomware features. It has been detected in hundreds of different applications available in the Google Store.
For its part, AhMyth – a remote access trojan (RAT) discovered in 2017 – is distributed through Android applications found in application stores and on various websites. When a user installs one of these infected apps, the malware can collect sensitive information from the device and perform actions such as keylogging, taking screenshots, sending SMS messages, and activating the camera.
SpinOk, on the other hand, is a software module for Android that works as spyware. It collects information about files stored on devices and can transfer them to cybercriminals. The malicious module was found in more than 100 Android applications and had been downloaded more than 421,000,000 times as of May 2023.
The Check Point Software Global Threat Impact Index and its ThreatCloud map are powered by Check Point Software’s ThreatCloud intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, across networks, endpoints and mobile devices. The intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the intelligence and research arm of Check Point Software Technologies.