With the takedown of Emotet, this revitalized malware is now a staple player in the monthly list of vicious cyber threats.

For the month of September 2021, Trickbot has returned to the top of the most prevalent malware list compiled by Check Point Research (CPR). This was after a fall to second place the month prior, after a three-month long stay at the top.

New to the top 10 is remote access trojan, njRAT, taking the place of Phorpiex, which is no longer active.

Since the Emotet takedown in January, the Trickbot trojan has gained popularity. It is constantly being updated with new capabilities, features and distribution vectors that enable it to be a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.  

In the same month that Trickbot once again became the most prevalent malware, it was reported that one of its gang members was actually arrested as a result of a US investigation. In addition to other charges that have been filed this year in the fight against the trojan, there is hope that the gang’s dominance will soon be history.

Top malware families
New entrant njRAT takes over the defunct
Phorpiex.

  1. Trickbot
  2. Formbook
  3. XMRig
  4. Agent Tesla
  5. Glupteba
  6. Remcos
  7. Tofsee
  8. Ramnit
  9. Floxif
  10. njRAT

Top exploited vulnerabilities

  1. Web Server Exposed Git Repository Information Disclosure 
  2. Command Injection Over HTTP
  3. HTTP Headers Remote Code Execution (CVE-2020-10826,CVE-2020-10827,CVE-2020-10828,CVE-2020-13756)
  4. Web Servers Malicious URL Directory Traversal (CVE-2010-4598,CVE-2011-2474,CVE-2014-0130,CVE-2014-0780,CVE-2015-0666,CVE-2015-4068, CVE-2015-7254, CVE-2016-4523, CVE-2016-8530, CVE-2017-11512, CVE-2018-3948, CVE-2018-3949, CVE-2019-18952, CVE-2020-5410, CVE-2020-8260)
  5. MVPower DVR Remote Code Execution
  6. Dasan GPON Router Authentication Bypass (CVE-2018-10561)
  7. Apache Struts2 Content-Type Remote Code Execution (CVE-2017-5638,CVE-2017-5638,CVE-2019-0230)
  8. OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160,CVE-2014-0346)
  9. NoneCMS ThinkPHP Remote Code Execution (CVE-2018-20062)
  10. Netgear DGN Unauthenticated Command Execution

Top Mobile Malware

  1. xHelper 
  2. AlienBot
  3. FluBot