Windows, banking data… what interests the most widespread malware in France?


Alexander Boero

March 14, 2023 at 11:40 a.m.


Formbook, Qbot and Emotet were the three most active malware families in France last month, in a context where the research and education sectors are the most targeted.

Cybersecurity specialist Check Point Software Technologies has just published its monthly ranking of global threats. Globally, Ukraine remains the favorite target of hackers, although the average number of weekly attacks per company there fell by a noteworthy 44% between October 2022 and February 2023. In France, three malware families stand out.

Behind Formbook, old-timers of malware

In February, Formbook was measured as the most widespread malware in France. An infostealer, it targets the Windows operating system. It was first detected in 2016 and has since been sold as malware as a service (MaaS) on underground hacking forums. Inexpensive and equipped with strong evasion techniques, Formbook harvests credentials from web browsers, monitors and logs keystrokes, and collects screenshots. It can even download and then execute files at the behest of its C&C (command and control) infrastructure, which includes the tools hackers use to maintain contact with compromised machines.

Dethroned by Formbook, Qbot remains the second most widely distributed malware in France. The banking Trojan, which has been circulating since 2008, steals banking credentials or keystrokes. It is generally distributed in spam email campaigns. It uses various anti-VM, anti-sandbox and anti-debugging techniques to hinder analysis and evade detection.

Emotet completes the podium. This other banking Trojan, which needs no introduction, is sophisticated, self-propagating and modular at the same time. It uses various methods to stay persistent and has evasion techniques that keep it from being spotted. It is also spread through phishing spam emails, for example in malicious attachments or links.

Beware of Anubis Plaguing Mobile

Last month in France, hackers primarily targeted the education and research sector. The communications sector and the sector combining government and military activities come next on the list.

As far as vulnerabilities are concerned, the most exploited last month is the one known as “Web Servers Malicious URL Directory Traversal”. It affected 47% of organizations worldwide and is a directory traversal vulnerability found on various web servers. The flaw stems from an input validation error in a web server that does not properly sanitize the URL for directory traversal patterns. Successful exploitation allows unauthenticated remote attackers to disclose or access arbitrary files on the vulnerable server.
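The input validation error described above can be shown in a few lines. This is an added example, not code from Check Point or from any affected server: the function names and the constructed sample tree are hypothetical, and it contrasts a resolver that trusts the URL path with one that canonicalizes it and refuses anything outside the document root.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit


def resolve_naive(doc_root, url):
    """Weak pattern: join the decoded URL path onto the root with no containment check."""
    path = unquote(urlsplit(url).path)
    return os.path.normpath(os.path.join(doc_root, path.lstrip("/")))


def resolve_safe(doc_root, url):
    """Return the canonical path to serve, or None if the URL leaves doc_root."""
    root = os.path.realpath(doc_root)
    # Decode exactly once; nothing after this point may decode the path again.
    path = unquote(urlsplit(url).path)
    if "\x00" in path:
        return None
    # Treat backslashes as separators so Windows-style patterns are covered too.
    path = path.replace("\\", "/")
    # realpath collapses ".." segments and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(root, path.lstrip("/")))
    # commonpath compares whole components, so /srv/www-old never matches /srv/www.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def build_sample_tree():
    """Constructed layout: <tmp>/www/index.html is public, <tmp>/secret.txt is not."""
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "www")
    secret = os.path.join(base, "secret.txt")
    os.mkdir(root)
    for name in (os.path.join(root, "index.html"), secret):
        with open(name, "w") as fh:
            fh.write("sample\n")
    return root, secret


if __name__ == "__main__":
    root, secret = build_sample_tree()
    # Constructed request paths: one legitimate, three with traversal patterns.
    for url in ("/index.html", "/../secret.txt", "/%2e%2e/secret.txt",
                "/img/..%5c..%5csecret.txt"):
        leaked = resolve_naive(root, url) == secret
        print(f"{url:30} naive_leaks={leaked} safe={resolve_safe(root, url)}")
```

The containment check runs on the canonical path, after decoding, which is why the percent-encoded and backslash variants are rejected along with the plain one.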

Finally, a word on the malware that is most prevalent on mobile. In February, the Trojan horse Anubis was the most talked about. Running on Android, it has grown in maturity and features, and today acts as a remote access trojan (RAT), audio recorder, keylogger or ransomware. It has already been detected in several hundred different apps that can be downloaded from the Google Play Store.

Source: Check Point Software Technologies


