Check Point: Banking trojans are back, Trickbot after two years re-appeared in the top ten malware most wanted list. It has new capabilities, features and distribution vectors, which enables it to be distributed by cybercrime as part of multi-purpose campaigns
Banking trojans are back, especially Trickbot. It has been announced by CheckPoint cyber security experts. In April the malware re-appeared in the top ten most wanted list for the first time in almost two years. The multi-purpose trojan became April’s 8th most prevalent malware variant, returning with new capabilities, features and distribution vectors. In fact, it offers a high level of flexibility and customization, which enables it to be distributed as part of multi-purpose campaigns. Trickbot was used in one such campaign in last month that coincided with Tax Day in the USA. The spam campaign sent emails with Excel files attached, which downloaded the malicious file. Once in the victims’ computers, it could spread inside the network and steal banking details and confidential tax documents for cybercrime use.
The first three position in the top ten malware most wanted list is occupied by cryptominers. The other seven by multi-purpose trojans. From Emotet to Lokibot. The mobile worst threats are Triada, Lotoor and Hiddad
According to the cyber security researchers, the top ten most wanted malware list has cryptominers in the first three positions (Cryptoloot, XMRig and Jsecoin). In the remaining seven there are multi-purpose trojans. Emotet, Dorkbot, Ramnit, Agentesla RAT, Trickbot, Sality and Lokibot. Those pieces of malware, in fact, can be used not only to steal private data and credentials, but also to populate other ransomwares, as Ryuk for Emotet and Trickbot. For the mobile side, instead, the three top cybercrime threats are Triada, Lotoor and Hiddad. The first one is a modular backdoor, the second an hack tool for Android and the third one a malware that repackages legitimate apps and then releases them to a third-party store.