Qbot has become the most prevalent banking Trojan, topping Emotet, according to new figures.
According to new numbers from the Check Point Global Threat Index for December 2022, Qbot (aka Qakbot) has affected 7% of organizations worldwide, retaking the top spot from Emotet (4%).
Based on proprietary data, Check Point’s report says that in addition to Qbot and Emotet, XMRig rounded up the top three malware prevalences in the last month of the year.
Exploit known vulnerabilities
XMRig, which affects 3% of companies worldwide is a cryptominer, a program that “mines” the XMR cryptocurrency for attackers. It is a popular application, which attackers often aim to install on servers and other high-end devices.
When it comes to mobile devices, a completely different group of malware has prevailed. Anubis was the most popular variant, followed by Hiddad and AlienBot.
But to install this malware, hackers need some way to gain access to the target endpoints, which is mostly done through known vulnerabilities.
Check Point said that “exposing web server Git repository information” was the most common vulnerability, affecting nearly half (46%) of organizations globally. “Directory traversal of malicious web server URLs” ranked second with 44% of businesses worldwide affected. The top three is rounded out by “Command INjection Over HTTP” – 43%.
Education and research remained the industry most attacked, ahead of government, the military, and health care.
The overwhelming topic of our latest research is how malware is used (Opens in a new tab) It often disguises itself as legitimate software to give hackers backdoor access to devices without arousing suspicion. said Maya Horowitz, vice president of research at Check Point Software. “That’s why it’s important that you do your due diligence when downloading any software and apps or clicking on links, regardless of their authenticity.”
In the past year, hackers have been busy creating fake landing pages, tricking people into either downloading malware, or giving away sensitive data. In just one case, in late October last year, cybersecurity researchers from Malwarebytes discovered a large campaign that took advantage of more than 200 landing pages used to access people’s bank accounts.