FormBook Is Now The Most Prevalent Malware

No photo availableByStaff Writer
3 min read
FormBook is now the most prevalent malware, taking over from Emotet, which has held that position since its reappearance in January
FormBook is an Infostealer targeting Windows OS which, once deployed, can harvest credentials, collect screenshots, monitor, and log keystrokes
FormBook is an Infostealer targeting Windows OS which, once deployed, can harvest credentials, collect screenshots, monitor, and log keystrokes

Check Point Research (CPR), the Threat Intelligence arm of Check Point Software Technologies Ltd. (NASDAQ: CHKP), has published its latest Global Threat Index for August 2022.

From the Threat Index, CPR reports that FormBook is now the most prevalent malware, taking over from Emotet, which has held that position since its reappearance in January.

FormBook is an Infostealer targeting Windows OS which, once deployed, can harvest credentials, collect screenshots, monitor, and log keystrokes as well as download and execute files according to its command and control (C&C) orders. Since it was first spotted in 2016, it has continued to make a name for itself, marketed as a Malware as a Service (MaaS) in underground hacking forums, known for its strong evasion techniques and relatively low price.

As per the report, August also saw a rapid increase in GuLoader activity, which resulted in it being the fourth most widespread malware. GuLoader was initially used to download Parallax RAT but has since been applied to other remote access trojans and inforstealers such as Networe, FormBook and Agent Tesla

It is commonly distributed through extensive email phishing campaigns, that lure the victim into downloading and opening a malicious file, allowing the malware to get to work.

Additionally, Check Point Research reports that Joker, an Android spyware, is back in business and has claimed third place in the top mobile malware list this month. Once Joker is installed, it can steal SMS messages, contact lists and device information as well as sign the victim up for paid premium services without their consent. Its rise can partially be explained by an uplift in campaigns as it was recently spotted to be active in some Google Play Store applications.

“The shifts that we see in this month’s index, from Emotet dropping from first to fifth place to Joker becoming the third most prevalent mobile malware, is reflective of how fast the threat landscape can change” said Maya Horowitz, VP Research at Check Point Software.

“This should be a reminder to individuals and companies alike, of the importance of keeping up to date with the most recent threats as knowing how to protect yourself is essential. Threat actors are constantly evolving and the emergence of FormBook shows that we can never be complacent about security and must adopt a holistic, prevent-first approach across networks, endpoints and the cloud,” she added.

CPR also revealed this month that the Education/Research sector is still the most targeted industry by cybercriminals globally. With Government/Military and Healthcare taking second and third place as the most attacked sectors. “Apache Log4j Remote Code Execution” returns to first place as the most exploited vulnerability, impacting 44% of organizations worldwide, after overtaking “Web Server Exposed Git Repository Information Disclosure” which had an impact of 42%.

 

DX100 (CIO100) is here.

Call for the most innovative digital transformation brains! Apply now via link.

100+ winners will be featured on www.cioafrica.co Final deadline: 31 September 2022.

 

Leave a Reply

Your email address will not be published.

Do you have a story that you think would interest our readers? Write to us editorial@cioafrica.co