Cryptomining malware has topped the Check Point most wanted malware lists for months. A trio of returning banking Trojans are challenging that dominance. According to Check Point: “banking Trojans have increased their global impact by 50% in the last four months.”
Dorkbot is leading the charge and is a multi-purpose malware: in addition to stealing sensitive information, it also launches denial-of-service attacks. Emotet, which first appeared in 2014, steals banking data and infects other machines on the same network. Ramnit steals both banking credentials and FTP passwords.
The last surge of banking Trojans was in summer 2017. This appears to be a seasonal attack pattern aimed at holidaymakers and tourists. Researchers are warning that public WiFi is the most likely infection point.
The top ‘Most Wanted’ for June
The top two slots have not changed for three months. Cryptomining malware Coinhive and Cryptoloot continue to make money at the expense of other people. Also unchanged is XMRig, another cryptomining malware.
Banking Trojans now occupy three places in the top eleven. Dorkbot is 3rd and Ramnit has returned to 10th place. The biggest climber is Emotet, which is in 11th place, having been in 50th place last month.
Roughted, the malvertising malware, has dropped to 5th. As Europeans continue to turn off advertising, it will be interesting to see how much further Roughted will drop.
Mobile malware has seen the top two change places. Banking Trojan Lokibot has been replaced by Triada. Triada is a modular backdoor for Android which is used to load other malware.
What does this mean?
Old malware never goes away, as the re-emergence of Emotet shows. This also shows how attacks can be cyclical, as hackers behave like retailers. Retailers know what sells well at what time of year. Hackers are changing their attacks accordingly, which underscores how commercialised cyber crime is.
Users will need to pay more attention to their bank accounts over the next few months. They should also install a VPN if they are going to be using their devices on public WiFi.