
The number one threat for Android users is the versatile banking trojan Anubis. PC users should be most wary of FakeUpdates malware disseminated by Russian hackers.
Cybersecurity firm Check Point has compiled a list of the most prevalent malware strains.
Android users are most often attacked by Anubis. This banking trojan has evolved to include advanced offensive capabilities.
It can intercept one-time passwords sent via SMS messages and bypass multi-factor authentication (MFA), keylog user inputs, record audio, and perform ransomware functions.
Additionally, Anubis includes remote access Trojan (RAT) features, enabling extensive surveillance and control over infected systems.
“It is often distributed through malicious apps on the Google Play Store and has become one of the most prevalent mobile malware families,” Check Point researchers said.
Various groups abuse the Anubis code now that it is freely available and open source. Users should beware of phishing via emails, SMS, and websites and avoid sideloading apps.
The second largest threat for Android users is another remote access trojan (RAT) called AhMyth. It typically disguises itself as a screen recorder, game, cryptocurrency tool, or other legitimate app.
“Once installed, it gains extensive permissions to persist after reboot and exfiltrate sensitive information such as banking credentials, cryptocurrency wallet details, multi-factor authentication (MFA) codes, and passwords. AhMyth also enables keylogging, screen capture, camera and microphone access, and SMS interception, making it a versatile tool for data theft and other malicious activities,” Check Point said.
The third most prevalent Android malware is Necro, an Android downloader that retrieves and executes harmful components on infected devices based on commands from hackers. Several popular apps on Google Play have been infected with it. The malware is often disseminated via unofficial third-party platforms with modified versions of Spotify, WhatsApp, Minecraft, or other apps.
“Necro can download dangerous modules to smartphones, enabling actions such as displaying and clicking on invisible ads, downloading executable files, and installing third-party apps. It can also open hidden windows to run JavaScript, potentially subscribing users to unwanted paid services,” Check Point warns.
“Furthermore, Necro can reroute internet traffic through compromised devices, turning them into part of a proxy botnet for cybercriminals.”
Android users should never allow apps to turn off Google Play Protect security and avoid third-party apps.
PCs targeted by FakeUpdates
The most prevalent malware this year is FakeUpdates, also known as SocGholish. It impacted 4% of worldwide organizations. This strain is associated with Russian threat actor Evil Corp.
FakeUpdates is downloader malware used by hackers to initiate an infection and deliver secondary payloads.
It is spread through drive-by (unintentional) downloads on compromised or malicious websites, prompting users to install a fake browser update.
“FakeUpdates continues to pose a significant threat in the cyber landscape, playing a crucial role in facilitating ransomware attacks,” the report reads.
The other two most dominant malware strains, Formbook and Remcos, impacted 3% of worldwide organizations each.
Formbook is an infostealer malware that primarily targets Windows systems and can harvest credentials from various web browsers, collect screenshots, and monitor and log keystrokes. The malware can download and execute additional payloads. Formbook spreads via phishing campaigns, malicious email attachments, and compromised websites, often disguised as legitimate files.
Remcos is a remote access trojan often distributed through malicious documents in phishing campaigns. It is designed to bypass Windows security mechanisms and run malware with elevated privileges, making it a versatile tool for threat actors.
Androxgh0st is in fourth place. This Python-based malware targets applications using the Laravel PHP framework by scanning for exposed .env files for login credentials. Once access is gained, attackers can deploy additional malware, establish backdoor connections, and exploit cloud resources for activities like cryptocurrency mining.
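To show the .env-harvesting behaviour described above from the defender's side, here is an added example that is not part of Check Point's report: it scans web-server access-log lines for requests to .env-style paths and flags those the server answered with HTTP 200, which would indicate an exposed secrets file. The log lines, IP addresses and regular expressions are constructed for the demonstration.

```python
import re
from collections import Counter

# Constructed sample access-log lines in combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2025:12:00:01 +0000] "GET /.env HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2025:12:00:02 +0000] "GET /vendor/.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2025:12:00:03 +0000] "POST /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2025:12:00:04 +0000] "GET /.env.bak?x=1 HTTP/1.1" 403 199 "-" "python-requests/2.31"
192.0.2.25 - - [10/Oct/2025:12:00:05 +0000] "GET /environment.html HTTP/1.1" 200 888 "-" "Mozilla/5.0"
"""

# Parses the fields we need from a combined-format line: client IP, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Matches a path component named .env, optionally with a suffix such as .env.bak,
# in any directory, but not unrelated names like /environment.html.
ENV_PATH_RE = re.compile(r'(^|/)\.env(\.[A-Za-z0-9_-]+)?$')


def find_env_probes(log_text):
    """Return (ip, path, status) for every request aimed at a .env-style file."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group('path').split('?', 1)[0]  # drop any query string
        if ENV_PATH_RE.search(path):
            hits.append((m.group('ip'), path, int(m.group('status'))))
    return hits


def summarize(hits):
    """Separate probes that succeeded (HTTP 200, a likely exposure) from the rest,
    and count probes per source IP so repeat scanners stand out."""
    exposed = [h for h in hits if h[2] == 200]
    by_ip = Counter(h[0] for h in hits)
    return {'exposed': exposed, 'probes_by_ip': dict(by_ip)}


if __name__ == '__main__':
    print(summarize(find_env_probes(SAMPLE_LOG)))
```

A 200 response to any of these paths means the file was served and its secrets should be treated as compromised; the web server should be configured to deny access to dotfiles regardless.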
Other prevalent malware strains include trojan AsyncRat, SnakeKeylogger, botnet Phorpiex, malicious browser extension Rilide, botnet Amadey, and trojan AgentTesla.