For those who don’t know, SmokeLoader is a second-stage downloader first seen in 2011. Its use has grown steadily since then, and it has now entered the Most Wanted Malware index’s top 10 in ninth place.
It has been used to hit Ukraine and Japan hard, loading other malware such as the Trickbot banker, the AZORult infostealer and the Panda banker onto targeted devices.
In the same index, crypto-mining malware continues to lead, with Coinhive in first place for the 13th month in a row. XMRig is second with a global impact of 8%, only a small distance ahead of the JSEcoin miner, which affected 7% of all monitored devices. Of all possible targets worldwide, companies continue to be the ones most affected by crypto miners.
Surprisingly, the same index shows crypto miners declining and banking Trojans rising. The most notable of them is Ramnit, a banking Trojan that steals login credentials and other sensitive data, which sits in 8th place.
The top 10 is split evenly between crypto miners and multi-purpose malware that uses several methods to distribute a range of threats.
Remember: everything can be hacked. To stay away from cyber threats, we recommend installing an antivirus for Windows or an antivirus for Mac on every device you own, depending on which OS it runs. If you are a company, we also recommend hiring a specialized cybersecurity company every year to run annual tests on your network; these include penetration testing and ethical hacking tests.
Here are the top 3 most wanted malware overall:
- Coinhive – a JavaScript miner designed to mine the Monero cryptocurrency silently in the browser when a user visits a web page, without the user’s consent.
- XMRig – open-source CPU mining software for the Monero cryptocurrency; the tool itself is legitimate, and the threat is its unauthorised deployment on victims’ machines.
- JSEcoin – the JavaScript miner mentioned above, which can be embedded in websites and runs in the visitor’s browser.
And the top 3 most wanted mobile malware:
- Triada – modular backdoor for Android that grants superuser privileges to downloaded malware.
- Guerilla – Android ad-clicker that communicates with a remote C&C server, downloads additional malicious plugins and performs aggressive ad-clicking without the user’s consent.
- Lotoor – hack tool that exploits vulnerabilities in the Android operating system to gain root privileges on compromised mobile devices.
Top 3 most exploited vulnerabilities:
- Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow (CVE-2017-7269) – a buffer overflow in the WebDAV service of IIS 6.0 on Windows Server 2003 R2, triggered by an over-long header in a PROPFIND request. Any such server still in service should at least have WebDAV disabled.
- OpenSSL TLS/DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346 was assigned to the same bug and later rejected as a duplicate), better known as Heartbleed – a missing bounds check in the TLS and DTLS heartbeat extension lets a remote peer read up to 64 KB of the process’s memory per request, which can expose private keys, session cookies and other secrets. OpenSSL 1.0.1 through 1.0.1f are affected; 1.0.1g fixed it.
- Web servers PHPMyAdmin Misconfiguration Code Injection – a code injection vulnerability reported in phpMyAdmin that can be exploited on misconfigured installations.
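To show why the Heartbleed entry above leaks memory, here is an added example (written for this page, not OpenSSL’s code or anything from the original article) that mirrors the logic of the vulnerable heartbeat handler next to the fixed one. It assumes a simplified, contiguous block of “server memory” in which a constructed secret happens to sit right after the incoming heartbeat record; in a real process the neighbouring data depends on heap layout, but the mechanism is the same: the response is sized from the peer-supplied length and copied without checking the record is actually that long.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16   /* RFC 6520: a heartbeat carries at least 16 padding bytes */

/* One contiguous block standing in for the server's memory: the heartbeat
 * record arrives first and a secret happens to sit right after it.
 * Constructed sample data, not a capture from a real host (assumption). */
#define MEM_SIZE 128
unsigned char server_memory[MEM_SIZE];
static const char SECRET[] = "SESSION=deadbeef";

/* Lay out type | length (2 bytes, big endian) | payload | padding, then the
 * secret. claimed_len is what the attacker writes in the length field,
 * real_len is how many payload bytes are actually sent.
 * Returns the real record length, or 0 if it would not fit our harness. */
size_t build_record(uint16_t claimed_len, const char *payload, size_t real_len)
{
    if (3 + (size_t)claimed_len > MEM_SIZE || 3 + real_len + HB_PADDING + sizeof SECRET > MEM_SIZE)
        return 0;
    memset(server_memory, 0, sizeof server_memory);
    unsigned char *p = server_memory;
    *p++ = HB_REQUEST;
    *p++ = (unsigned char)(claimed_len >> 8);
    *p++ = (unsigned char)(claimed_len & 0xff);
    memcpy(p, payload, real_len);
    p += real_len;
    memset(p, 0xAA, HB_PADDING);
    p += HB_PADDING;
    size_t rec_len = (size_t)(p - server_memory);
    memcpy(server_memory + rec_len, SECRET, sizeof SECRET);   /* "neighbouring" memory */
    return rec_len;
}

/* Mirrors the logic of tls1_process_heartbeat() in OpenSSL 1.0.1 to 1.0.1f:
 * the response is sized from the peer-supplied length and memcpy copies that
 * many bytes from the record without ever consulting the record length.
 * Returns the response length, or -1 if no response is sent. */
int heartbeat_vulnerable(const unsigned char *rec, size_t rec_len,
                         unsigned char *out, size_t out_cap)
{
    (void)rec_len;                                   /* the bug: never checked */
    const unsigned char *p = rec;
    unsigned char type = *p++;
    uint16_t payload = (uint16_t)((p[0] << 8) | p[1]);
    p += 2;
    if (type != HB_REQUEST) return -1;
    size_t resp_len = 1 + 2 + payload + HB_PADDING;
    if (resp_len > out_cap) return -1;               /* harness bound, not OpenSSL's */
    unsigned char *bp = out;
    *bp++ = HB_RESPONSE;
    *bp++ = (unsigned char)(payload >> 8);
    *bp++ = (unsigned char)(payload & 0xff);
    memcpy(bp, p, payload);                          /* over-read: echoes whatever follows */
    bp += payload;
    memset(bp, 0, HB_PADDING);                       /* real code uses random padding */
    return (int)resp_len;
}

/* The 1.0.1g fix: bound the claimed length by the actual record length and
 * silently discard (RFC 6520 section 4) anything that does not fit. */
int heartbeat_fixed(const unsigned char *rec, size_t rec_len,
                    unsigned char *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_PADDING) return -1;     /* too short to be a heartbeat */
    const unsigned char *p = rec;
    unsigned char type = *p++;
    uint16_t payload = (uint16_t)((p[0] << 8) | p[1]);
    p += 2;
    if ((size_t)1 + 2 + payload + HB_PADDING > rec_len) return -1;   /* the fix */
    if (type != HB_REQUEST) return -1;
    size_t resp_len = 1 + 2 + payload + HB_PADDING;
    if (resp_len > out_cap) return -1;
    unsigned char *bp = out;
    *bp++ = HB_RESPONSE;
    *bp++ = (unsigned char)(payload >> 8);
    *bp++ = (unsigned char)(payload & 0xff);
    memcpy(bp, p, payload);                          /* now provably inside the record */
    bp += payload;
    memset(bp, 0, HB_PADDING);
    return (int)resp_len;
}

/* Does the response carry the secret bytes? (memmem is not in C99.) */
int leaks_secret(const unsigned char *buf, int len)
{
    size_t n = strlen(SECRET);
    if (len < 0) return 0;
    for (size_t i = 0; i + n <= (size_t)len; i++)
        if (memcmp(buf + i, SECRET, n) == 0) return 1;
    return 0;
}

/* Send one request (real payload "hi", claimed length claimed_len) through
 * either handler. Returns 1 if the response carries the secret, 0 if it is
 * clean, -1 if the request was discarded. */
int probe(uint16_t claimed_len, int use_fixed)
{
    unsigned char out[MEM_SIZE];
    size_t rec_len = build_record(claimed_len, "hi", 2);
    if (rec_len == 0) return -1;
    int n = use_fixed ? heartbeat_fixed(server_memory, rec_len, out, sizeof out)
                      : heartbeat_vulnerable(server_memory, rec_len, out, sizeof out);
    if (n < 0) return -1;
    return leaks_secret(out, n);
}

int main(void)
{
    printf("vulnerable handler, claimed 40 / sent 2: secret leaked = %d\n", probe(40, 0));
    printf("fixed handler,      claimed 40 / sent 2: result = %d (-1 = discarded)\n", probe(40, 1));
    printf("fixed handler,      honest request:      secret leaked = %d\n", probe(2, 1));
    return 0;
}
```

The over-read here stops inside our 128-byte buffer because `build_record` refuses larger claims; in the real bug the 16-bit length field allows up to 65535 bytes per request, and attackers simply repeat the request to sweep through whatever the heap happens to hold.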
We will continue to monitor this. Meanwhile, users should keep a keen eye out for cyber attacks and follow the advice above: an antivirus on every device and, for companies, annual penetration testing and ethical hacking engagements by a specialized cybersecurity company.