Emotet campaign uses malicious OneNote files to

admin

Global Courant 2023-04-14 12:43:03

Main image: beeping computer

According to Check Point Software Technologies, a new Emotet campaign is spreading malicious OneNote files that bypass Microsoft’s security measures. The finding is part of the company’s Global Threat Index for March 2023. Last month, researchers discovered a new malware campaign for the Emotet Trojan, which became the second most prevalent malware.

Ever since Microsoft announced it would block macros in Office files, Emotet attackers have been looking for new ways to distribute malicious files. In this campaign the attackers used a new strategy and sent spam emails containing a malicious OneNote file. When the document is opened, a bogus message pops up and tricks the victim into clicking it, which downloads the Emotet infection. Once the malware is installed, it can collect the user’s email details, such as login credentials and contact information. The attackers then use the collected data to extend the reach of the campaign and facilitate future attacks.
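As an added example (not from the article or from Check Point), here is a small defensive triage script: it carves the embedded file objects out of a OneNote file and labels any that look like an executable or a script, which is how a mail gateway or an analyst can spot the payload a lure like this asks the victim to click. It assumes the FileDataStoreObject layout from the MS-ONE specification (header and footer GUIDs followed by a 64-bit length) and runs on a constructed sample rather than a real .one file.

```python
import struct

# On-disk GUIDs of a FileDataStoreObject (embedded file) in the .one format, as
# I understand them from the MS-ONE specification (assumption, not from the article).
EMBEDDED_FILE_HEADER = bytes.fromhex("e716e3bd65261145a4c48d4d0b7a9eac")
EMBEDDED_FILE_FOOTER = bytes.fromhex("22a7fb71790f0b4abb13899256426b24")
HEADER_TAIL = 8 + 4 + 8          # cbLength (u64) + unused (u32) + reserved (u64)

SCRIPT_LEADERS = (b"@echo", b"powershell", b"wscript", b"cscript", b"cmd ",
                  b"#!", b"<html", b"<script", b"<?xml", b"dim ", b"set ")

def extract_embedded_files(data: bytes) -> list:
    """Carve the payload of every FileDataStoreObject out of a .one byte string."""
    blobs, pos = [], data.find(EMBEDDED_FILE_HEADER)
    while pos != -1:
        tail = pos + len(EMBEDDED_FILE_HEADER)
        if tail + HEADER_TAIL > len(data):
            break                                   # truncated header, stop carving
        (length,) = struct.unpack_from("<Q", data, tail)
        start = tail + HEADER_TAIL
        length = min(length, len(data) - start)     # tolerate a lying cbLength
        blobs.append(data[start:start + length])
        pos = data.find(EMBEDDED_FILE_HEADER, start + length)
    return blobs

def classify(blob: bytes) -> str:
    """Coarse label for an embedded object: PE executable, script, or other."""
    head = blob[:64]
    if head.startswith(b"MZ"):
        return "pe-executable"
    if head.lstrip().lower().startswith(SCRIPT_LEADERS):
        return "script"
    return "other"

def triage(data: bytes) -> list:
    """(label, size) per embedded object; anything but 'other' deserves a closer look."""
    return [(classify(b), len(b)) for b in extract_embedded_files(data)]

def build_object(payload: bytes) -> bytes:
    """Serialize a FileDataStoreObject so the constructed sample below is valid input."""
    return (EMBEDDED_FILE_HEADER + struct.pack("<Q", len(payload))
            + b"\x00" * 12 + payload + EMBEDDED_FILE_FOOTER)

# Constructed sample: filler bytes, then a PNG stub, a batch-script stub and a PE stub.
SAMPLE_ONE = (b"CONSTRUCTED-ONE-FILE-PREFIX"
              + build_object(b"\x89PNG\r\n\x1a\n" + b"\x00" * 8)
              + build_object(b"@echo off\r\necho constructed sample\r\n")
              + build_object(b"MZ" + b"\x90" * 62))
# triage(SAMPLE_ONE) -> [('other', 16), ('script', 36), ('pe-executable', 64)]
```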

“While major technology companies do their best to cut cybercriminals at the source, it is almost impossible to prevent every attack from evading security measures,” said Maya Horowitz, VP of Research at Check Point Software. “Emotet is a sophisticated Trojan horse, so it’s no surprise that it managed to get past Microsoft’s most recent defenses. The most important thing people can do is ensure adequate email security, prevent unexpected files from being downloaded, and maintain a healthy skepticism about the origin and content of emails.”


The most commonly exploited vulnerability, according to Check Point Research (CPR), was Apache Log4j Remote Code Execution, which affected 44% of organizations worldwide, followed by HTTP Headers Remote Code Execution, which affected 43% of organizations worldwide, and MVPower DVR Remote Code Execution, which had a global impact of 40%.

Last month, Qbot was the most prevalent malware family, with a global impact of more than 10%, followed by Emotet and Formbook, each with a global impact of 4%.

Qbot, also known as Qakbot, is a banking Trojan first identified in 2008. It is designed to steal a user’s banking credentials or keystrokes and is commonly distributed through spam emails. To avoid detection and thwart analysis, Qbot uses a number of anti-VM, anti-debugging and anti-sandbox techniques.

Emotet is an advanced, self-replicating, modular Trojan. It was previously used as a banking Trojan but is now used to proliferate other malware and malicious campaigns. It uses a variety of techniques to maintain persistence and evade detection. It can also be distributed via phishing emails that contain malicious attachments or links.

FormBook is an information stealer targeting Windows operating systems that was first discovered in 2016. It is marketed as “Malware as a Service (MaaS)” on underground hacking forums because of its strong evasion techniques and low price. FormBook harvests credentials from various web browsers, captures screenshots, monitors and records keystrokes, and can download and execute files on command from its C&C server.


Last month, education/research remained the most targeted sector globally, followed by government/military and then healthcare.

In terms of mobile malware, Ahmyth has overtaken Anubis and Hiddad to become the most prevalent malware.

AhMyth is a remote access trojan (RAT) that was first discovered in 2017. It is distributed via Android apps available in app stores and on various websites. When a user installs one of these infected apps, the malware can collect sensitive information from the device and perform actions such as logging keystrokes, taking screenshots, reading text messages, and activating the camera.


Anubis is a banking Trojan malware that targets Android devices. Since its detection, it has gained new capabilities, including Remote Access Trojan (RAT) functionality.
