Form book

ChromeLoader malware campaign punishes pirating users, HP warns

Retrieved on: Wednesday, June 14, 2023

To date, HP Wolf Security customers have clicked on over 30 billion email attachments, web pages, and downloaded files with no reported breaches.

Key Points: 
  • To date, HP Wolf Security customers have clicked on over 30 billion email attachments, web pages, and downloaded files with no reported breaches.
  • Based on data from millions of endpoints running HP Wolf Security, the researchers found:
    The Shampoo Chrome extension is hard to wash out: A campaign distributing the ChromeLoader malware tricks users into installing a malicious Chrome extension called Shampoo.
  • Key findings include:
    Archives were the most popular malware delivery type (42%) for the fourth quarter running when examining threats stopped by HP Wolf Security in Q1.
  • 14% of email threats identified by HP Sure Click bypassed one or more email gateway scanners in Q1 2023.

May 2023’s Most Wanted Malware: New Version of Guloader Delivers Encrypted Cloud-Based Payloads

Retrieved on: Friday, June 9, 2023

Researchers reported on a new version of shellcode-based downloader GuLoader, which was the fourth most prevalent malware last month.

Key Points: 
  • Researchers reported on a new version of shellcode-based downloader GuLoader, which was the fourth most prevalent malware last month.
  • With fully encrypted payloads and anti-analysis techniques, the latest form can be stored undetected in well-known public cloud services, including Google Drive.
  • The payloads are fully encrypted and stored undetected in renowned public cloud services, including Google Drive.
  • It has recently been seen abusing a dynamic link library (DLL) hijacking flaw in the Windows 10 WordPad program to infect computers.

Exploits, Botnets and Malware Spike in Q1 2023

Retrieved on: Wednesday, May 17, 2023

COMMERCE, Mich., May 17, 2023 /PRNewswire/ -- Nuspire, a leading managed security services provider (MSSP), today announced the release of its Q1 2023 Cyber Threat Report. The quarterly report provides a comprehensive analysis of the threat landscape, examining threat data as well as specific tactics, techniques and procedures (TTPs) organizations should watch out for.

Key Points: 
  • COMMERCE, Mich., May 17, 2023 /PRNewswire/ -- Nuspire, a leading managed security services provider (MSSP), today announced the release of its Q1 2023 Cyber Threat Report.
  • Nuspire's latest report reveals that the breakneck pace at which threats increased in 2022 has continued into 2023.
  • In fact, data show significantly elevated activity levels across all three types of threats Nuspire monitors: malware, botnets and exploits.
  • Access Nuspire's Q1 2023 Cyber Threat Report to view the data and learn key mitigation strategies for protecting your organization's environment.

February 2023’s Most Wanted Malware: Remcos Trojan Linked to Cyberespionage Operations Against Ukrainian Government

Retrieved on: Thursday, March 9, 2023

Meanwhile, Emotet Trojan and Formbook Infostealer climbed the ranking taking second and third place respectively, while Education/Research remained the most targeted industry.

Key Points: 
  • Meanwhile, Emotet Trojan and Formbook Infostealer climbed the ranking taking second and third place respectively, while Education/Research remained the most targeted industry.
  • The ongoing attacks are believed to be linked to cyberespionage operations due to the behavior patterns and offensive capabilities of the incidents.
  • However, the latest campaign used a more traditional route of attack, using phishing scams to obtain user information and extract data.
  • It’s important that all organizations and government bodies follow safe security practices when receiving and opening emails.

September 2022’s Most Wanted Malware: Formbook on Top While Vidar ‘Zooms’ Seven Places

Retrieved on: Wednesday, October 12, 2022

CPR reports that while Formbook is still the most prevalent malware, impacting 3% of organizations worldwide, Vidar is now in eighth position, up seven places from August.

Key Points: 
  • CPR reports that while Formbook is still the most prevalent malware, impacting 3% of organizations worldwide, Vidar is now in eighth position, up seven places from August.
  • Since the onset of the Russia-Ukraine war, CPR has continued to monitor the impact on cyberattacks in both countries.
  • During September, Ukraine had jumped 26 places, Poland and Russia moved up 18 places each, and both Lithuania and Romania moved up 17 places, among others.
  • Users of Zoom need to stay alert to fraudulent links as this is how the Vidar malware has been distributed lately.

July 2022’s Most Wanted Malware: Emotet Takes Summer Vacation but Definitely Not ‘Out-of-Office’

Retrieved on: Wednesday, August 10, 2022

After a peak in Emotet's global impact last month, Emotet is back to its global impact numbers and continues as the most widespread malware.

Key Points: 
  • After a peak in Emotet's global impact last month, Emotet is back to its global impact numbers and continues as the most widespread malware.
  • "Emotet continues to dominate our monthly top malware charts," said Maya Horowitz, VP Research at Check Point Software.
  • Emotet was once used as a banking Trojan, but recently is used as a distributor to other malware or malicious campaigns.
  • Check Point Software Technologies Ltd. ( www.checkpoint.com ) is a leading provider of cyber security solutions to corporate enterprises and governments globally.

June 2022’s Most Wanted Malware: New Banking, MaliBot, Poses Danger for Users of Mobile Banking

Retrieved on: Tuesday, July 12, 2022

Although only just discovered, MaliBot, a banking, has already reached third place in the most prevalent mobile malware list.

Key Points: 
  • Although only just discovered, MaliBot, a banking, has already reached third place in the most prevalent mobile malware list.
  • It disguises itself as cryptocurrency mining applications under different names and targets users of mobile banking to steal financial information.
  • Researchers also reported on a new variant of Emotet in June that has credit card stealing capabilities and targets Chrome browser users.
  • The threat landscape is evolving rapidly, and mobile malware is a significant danger for both personal and enterprise security.

May 2022’s Most Wanted Malware: Snake Keylogger Returns to the Top Ten after a long absence

Retrieved on: Thursday, June 9, 2022

Researchers report that Emotet, an advanced, self-propagating and modular Trojan, is still the most prevalent as a result of multiple widespread campaigns.

Key Points: 
  • Researchers report that Emotet, an advanced, self-propagating and modular Trojan, is still the most prevalent as a result of multiple widespread campaigns.
  • This month, Snake Keylogger has jumped into eighth place after a long absence from the index.
  • Its persistence also makes it difficult to remove once a device has been infected, making it the perfect tool in a cybercriminal's arsenal.
  • Check Point Software Technologies Ltd. ( www.checkpoint.com ) is a leading provider of cyber security solutions to corporate enterprises and governments globally.

April 2022’s Most Wanted Malware: A Shake Up in the Index but Emotet is Still on Top

Retrieved on: Wednesday, May 11, 2022

Researchers report that Emotet, an advanced, self-propagating and modular Trojan, is still the most prevalent malware impacting 6% of organizations worldwide.

Key Points: 
  • Researchers report that Emotet, an advanced, self-propagating and modular Trojan, is still the most prevalent malware impacting 6% of organizations worldwide.
  • In fact, there are reports that Emotet has a new delivery method: phishing emails that contain a OneDrive URL.
  • As a result, once Emotet finds a breach, the consequences can vary depending on which malware was delivered after the breach was compromised.
  • Apache Struts ParametersInterceptor ClassLoader Security Bypass shoots up the index, now in third place with a global impact of 45%.

February 2022’s Most Wanted Malware: Emotet Remains Number One While Trickbot Slips Even Further Down the Index

Retrieved on: Wednesday, March 9, 2022

Researchers report that Emotet is still the most prevalent malware, impacting 5% of organizations worldwide, while Trickbot has slipped even further down the index into sixth place.

Key Points: 
  • Researchers report that Emotet is still the most prevalent malware, impacting 5% of organizations worldwide, while Trickbot has slipped even further down the index into sixth place.
  • During the past few weeks, however, Check Point Research has noted no new Trickbot campaigns and the malware now ranks sixth in the index.
  • This could be due in part to some Trickbot members joining the Conti ransomware group, as suggested in the recent Conti data leak.
  • Emotet, once used as a banking Trojan, has recently been used as a distributor to other malware or malicious campaigns.