Any.Run, an interactive service for automated malware analysis, has compiled a list of the ten most common threats uploaded to this platform. The Trojan Emotet topped this 2019 threat rating.
The list includes malware designed to steal all types of confidential information and bank details, as well as remote access tools used to control a hacked host.
No.1 Emotet – 36,026 samples
The Trojan was first discovered in 2014 and was used to intercept data transmitted through secure connections. Recall that in September of this year, Emotet returned to life after 4 months of inactivity. Operators sent emails containing malicious files and links for malware downloads. The victims of the campaign are users who speak Polish and German.
No.2 Agent Tesla – 10,324
Agent Tesla is an advanced remote access tool (RAT). The malware has been infecting computers since 2014, acting as a keylogger and password stealer.
No.3 NanoCore – 6,527
NanoCore is the most popular tool among all RATs. In addition to providing remote access to the victim host, it can log keys, spy, execute files, capture video and audio, edit the registry, and control the mouse.
No.4 LokiBot – 5,693
LokiBot first appeared on underground forums as an information stealer and keylogger, but further development has added various features that allow it to avoid detection and collect confidential information.
No.5 Ursnif – 4,185
Ursnif is usually associated with data theft, but some versions come with components such as backdoors, spyware, or file embedding. Security researchers also associate this threat with the deployment of another piece of malware, GandCrab.
No.6 FormBook – 3,548
This malware was developed to capture data typed into web forms. Its functions include collecting credentials from web browsers (cookies, passwords), taking screenshots, stealing clipboard contents, logging keystrokes, downloading and running executable files from the command and control server, and stealing passwords from email clients.
No.7 HawkEye – 3,388
The keylogger supports intercepting keystrokes and allows stealing credentials from various applications and the clipboard.
No.8 AZORult – 2,898
The main function of the malware is to collect and extract data from a compromised system, including passwords stored in browsers, mail and FTP clients, cookies, web forms, cryptocurrency wallets, and correspondence in instant messengers.
No.9 TrickBot – 2,510
Initially, TrickBot was used only in attacks against Australian users, but in April 2017, it began to be used in attacks on banks in the USA, Great Britain, Germany, Ireland, Canada, New Zealand, Switzerland, and France. Typically, it is distributed through Emotet and can download other malicious programs to the system (for example, Ryuk ransomware).
No.10 njRAT – 2,355
njRAT is based on .NET and allows attackers to control the system completely. Previously, the Trojan was distributed via spam messages containing advertising of cheat codes and a license key generator for the game “Need for Speed: World”. It has also been used in several malicious campaigns that use OpenDocument Text (ODT) files.
As previously reported, the Check Point Research team published its Global Threat Index report listing the most dangerous malware of November 2019. In that November ranking, alongside the obvious threats to mobile devices, Emotet was also in the lead.