The latest malware threats: Glupteba and Qbot take center stage in December 2022

  • Glupteba has re-entered the top ten list of malware, according to Check Point Research, after not being on the list since July 2022.
  • In December 2022, Qbot surpassed Emotet as the most common malware, and Android malware Hiddad made a resurgence.

When it comes to malware, it’s not just about the potential financial losses or the disruption of business operations but also about the threats of loss of trust and reputational damage that come with it. In today’s digital age, companies hold vast amounts of sensitive data and personal information. A successful malware attack can lead to the loss of that information, damaging customers’ trust in a company.

Cyberattacks will cause an estimated US$ 10.5 trillion in damage annually by 2025, a 300 percent increase from 2015. The inclusion of malware threats as one of the leading causes of this damage is significant. Malware, such as advanced persistent threats (APTs) and ransomware, can evade traditional security measures and cause substantial damage to an organization.

According to Check Point Software Technologies’ latest Global Threat Index for December 2022, Glupteba, a blockchain-enabled Trojan botnet, has re-entered the top ten list for the first time since July 2022 and is now in eighth place. Qbot, a Trojan specializing in stealing banking credentials and keystrokes, became the most widespread malware after its comeback last month, affecting 7% of organizations worldwide.

The severity of the two malware threats.

Why is this such a big deal?

The significance of Glupteba malware should not be underestimated. Despite being disrupted by Google in December 2021, it has come back. As a modular malware, Glupteba can achieve various objectives on an infected computer, such as being used as a downloader and dropper for other malware, leading to potentially serious issues like ransomware infections, data breaches, and other security incidents.

Glupteba malware can also steal user credentials and session cookies, allowing the attacker to access a user’s online accounts or other systems and steal sensitive data or perform other malicious actions using these compromised accounts. Additionally, Glupteba is commonly used to deploy crypto mining functions on its target, draining a computer’s resources by using them to mine blocks. All these factors make Glupteba a formidable threat that organizations and individuals should take seriously and take appropriate measures to protect against.

QBot is another malware that organizations and individuals should take seriously. As an information stealer with backdoor and self-spreading capabilities active since 2009, QBot is often used as the initial point of entry in malicious attacks. Attackers distribute QBot by exploiting vulnerabilities such as Follina, a Microsoft Support Diagnostic Tool (MSDT) vulnerability tracked as CVE-2022-30190, allowing remote code execution.

Since 2020, one of the primary infection methods employed by QBot’s operators has been hijacking email threads. This technique has been used in multiple waves of attacks and remains successful even today. As these malware families are constantly evolving and changing, organizations and individuals need to be aware of the threat and take appropriate measures to protect themselves.

The education and research industry experienced the highest number of cyber-attacks last month, followed by the government and military sectors and healthcare.

How does other malware perform?

Last month, QBot emerged as the most widespread malware globally, impacting 7% of organizations worldwide, followed by Emotet at 4% and XMRig at 3%.

XMRig, which came in third place, is open-source CPU mining software used to mine the Monero cryptocurrency. Attackers often use it to conduct illegal mining on victims’ devices by incorporating it into their malware.

In fourth place was FormBook, an infostealer malware that targets the Windows OS. It is marketed as Malware as a Service (MaaS) on underground hacking forums due to its powerful evasion techniques and affordable price. FormBook can harvest credentials from various web browsers, collect screenshots, monitor and log keystrokes, and download and execute files according to commands from its Command and Control server.

In December, the company also noticed Hiddad making its way onto the top three list of mobile malware for the first time in 2022. This ad-distributing malware targets Android devices by repackaging legitimate apps and releasing them to third-party stores. While its primary function is to display ads, it can also access key security features of the device’s operating system.

Their latest research highlights that malware often disguises itself as legitimate software to give hackers backdoor access to devices without raising suspicion. That’s why it is crucial to be cautious when downloading software and apps and when clicking on links, even if they appear genuine.