Hardly a month after the FluBot takedown in May 2022, new mobile malware MaliBot is already jostling into the leaderboard
The latest Global Threat Index for June 2022 from Check Point Software highlights how the new Android banking MaliBot has taken third place in the most prevalent mobile malware leaderboard after it emerged following the takedown of FluBot at the end of May.
MaliBot disguises itself as cryptocurrency mining applications under different names and targets users of mobile banking to steal financial information. Similar to FluBot, MaliBot uses phishing SMS messages (smishing) to lure victims into clicking on a malicious link that redirects them to the download of a fake application containing the malware.
While it’s always good to see law enforcement successful in bringing down cybercrime groups or malwares like FluBot, sadly it did not take long for a new mobile malware to take its place.
Also for June, Snake Keylogger came in third after an increase in activity: its main functionality is to record users’ keystrokes and transmit collected data to threat actors. While Snake Keylogger was earlier being delivered via PDF files, recently it has been spread through emails containing Word attachments tagged as requests for quotations.
Researchers also reported about new variant of Emotet that has credit card stealing capabilities and targets Chrome browser users.
Top malware families Emotet is still the most popular malware with a global impact of 14%, followed by Formbook and Snake Keylogger, each impacting 4.4% of organisations worldwide.
- Snake Keylogger
- Agent Tesla
Top attacked industries globally
- Education & Research
Top exploited vulnerabilities
- Apache Log4j Remote Code Execution (CVE-2021-44228)
- Web Server Exposed Git Repository Information Disclosure
- Web Servers Malicious URL Directory Traversal (CVE-2010-4598,CVE-2011-2474,CVE-2014-0130,CVE-2014-0780,CVE-2015-0666,CVE-2015-4068,CVE-2015-7254,CVE-2016-4523,CVE-2016-8530,CVE-2017-11512,CVE-2018-3948,CVE-2018-3949,CVE-2019-18952,CVE-2020-5410,CVE-2020-8260)
- HTTP Headers Remote Code Execution (CVE-2020-10826,CVE-2020-10827,CVE-2020-10828,CVE-2020-13756)
- Command Injection Over HTTP (CVE-2021-43936,CVE-2022-24086)
- PHPUnit Command Injection (CVE-2017-9841)
- MVPower DVR Remote Code Execution
- Apache Struts2 Content-Type Remote Code Execution (CVE-2018-10561)
- D-LINK Multiple Products Remote Code Execution (CVE-2015-2051)
- WordPress portable-phpMyAdmin Plugin Authentication Bypass (CVE-2012-5469)
Top mobile malware
AlienBot is the most prevalent mobile malware for the month, followed by Anubis and MaliBot.