Malware September 2024: Formbook on Windows devices

Gandalf_The_Grey

Brief addendum on the subject of security and malware risks. I have had the malware report for September 2024 from security provider Check Point since mid-October 2024. Windows systems in Germany were probably particularly affected by the Formbook malware. The infostealer replaced CloudEye as the most active malware in this country and accounted for a full 21 percent of all infections. In addition, the transportation sector was again increasingly targeted by hackers. Here is a brief overview.

Check Point® Software Technologies Ltd, a cloud-based cybersecurity provider, has released its September 2024 Global Threat Index from Check Point Research. The new report shows a trend towards AI-driven malware and demonstrates the continued dominance of the ransomware threat.
Top malware in Germany
  • ↑ Formbook (21,2 %) – FormBook is an infostealer that targets the Windows operating system and was first discovered in 2016. It is marketed in underground hacker forums as Malware as a Service (MaaS), as it has strong obfuscation techniques and is relatively cheap. FormBook collects login credentials from various web browsers, takes screenshots, monitors and logs keystrokes, and can download and execute files according to the instructions of its C&C.
  • ↔ Androxgh0st (4,6 %) – Androxgh0st is a botnet that targets Windows, Mac and Linux platforms. For infiltration, Androxgh0st exploits several vulnerabilities, particularly in PHPUnit, Laravel Framework and Apache Web Server. The malware steals sensitive information such as Twilio account information, SMTP credentials, AWS keys and the like. It uses Laravel files to collect the required information. There are different variants that look for different information.
  • ↔ FakeUpdates (3,3 %) – FakeUpdates (alias SocGholish) is a downloader written in JavaScript. It writes payloads to the hard disk before launching them. FakeUpdates led to further system compromise by many additional malicious programs, including GootLoader, Dridex, NetSupport, DoppelPaymer and AZORult.
Top mobile malware
  • ↔ Joker – An Android spyware in Google Play that steals SMS messages, contact lists and device information. In addition, the malware silently signs the victim up for premium services on advertising websites.
  • ↔ Anubis – Anubis is a banking Trojan malware designed for Android cell phones. Since its discovery, it has gained additional features including Remote Access Trojan (RAT) functionality, a keylogger, audio recording capabilities and various ransomware features. It has been detected in hundreds of different applications available in the Google Store.
  • ↑ Hiddad – Hiddad is an Android malware that repackages legitimate apps and then publishes them in a third-party store. Its main function is to display advertisements, but it can also gain access to important security details built into the operating system.
 
