Banking trojan Qbot ousted after a long stay on the rankings, while remote access trojan Remcos enters in sixth place.
In August 2021, Formbook was the most prevalent malware, overtaking Trickbot, which has fallen into second place following a three-month-long reign, according to the regular Check Point Global Threat Index.
The banking trojan, Qbot, whose operators are known to take breaks during the summer, has dropped from the top 10 completely after a long stay on the list, whilst Remcos, a remote access trojan (RAT), has entered the index for the first time in 2021, ranking in sixth place.
First seen in 2016, Formbook is an infostealer that harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and carries out any threat dictated by its command and control (C&C) orders. Recently, it was distributed via COVID-19 themed campaigns and phishing emails, and in July 2021 it was reported to have spawned a new strain of malware called XLoader, which now targets macOS users.
Formbook contains a number of tricks that make it more evasive and harder for researchers to analyze. As it is usually distributed via phishing emails and attachments, the best way to prevent a Formbook infection is by staying acutely aware of any emails that appear strange or come from unknown senders.
Top malware families
As the top-ranked malware this month, Formbook impacted 4.5% of organizations globally, followed by Trickbot and Agent Tesla, which impacted 4% and 3% of organizations worldwide respectively.
- Formbook
- Trickbot
- Agent Tesla
- XMRig
- Glupteba
- Remcos
- Ramnit
- Tofsee
- Phorpiex
- Floxif
Top exploited vulnerabilities
This month “Web Server Exposed Git Repository Information Disclosure” was the most commonly exploited vulnerability, impacting 45% of organizations globally.
- Web Server Exposed Git Repository Information Disclosure
- HTTP Headers Remote Code Execution
- Dasan GPON Router Authentication Bypass
- MVPower DVR Remote Code Execution
- Apache Struts2 Content-Type Remote Code Execution
- Command Injection Over HTTP
- OpenSSL TLS DTLS Heartbeat Information Disclosure
- NoneCMS ThinkPHP Remote Code Execution
- PHPUnit Command Injection (CVE-2017-9841)
- Netgear DGN Unauthenticated Command Execution
Top mobile malware
- xHelper
- AlienBot
- FluBot