Often used in the initial stages of ransomware attacks, this nasty trojan is the most prevalent malware for the second month running.
For the month of June 2021, Check Point Research has revealed that Trickbot is still the most wanted malware, having first taken the top spot in May.
Last month, the firm had reported that the average weekly number of ransomware attacks had increased 93% over the past 12 months, and also warned that ransomware attacks often do not start with ransomware. For example, in the Ryuk ransomware attacks, the Emotet malware was used to infiltrate the network, which was then infected with this month’s top malware, Trickbot, before the ransomware finally encrypted the data.
Since the Emotet botnet was taken down in January, the Trickbot trojan and botnet have gained popularity. It has also recently been linked to a new ransomware strain called ‘Diavol’. Trickbot is constantly being updated with new capabilities, features and distribution vectors, which make it a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.
Finally, note that well-known ransomware groups such as Ryuk and REvil first rely on various forms of malware for the initial stages of infection—a key one being this month’s top malware, Trickbot.
Top malware families
Trickbot impacted 7% of organizations globally, followed by XMRig and Formbook, each impacting 3% of organizations worldwide.
- Trickbot
- XMRig
- Formbook
- Glupteba
- Agent Tesla
- Ramnit
- Qbot
- Phorpiex
- xHelper
- NJRat
Top exploited vulnerabilities
The same old faces top the list this month.
- HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756)
- MVPower DVR Remote Code Execution
- Dasan GPON Router Authentication Bypass (CVE-2018-10561)
- Web Server Exposed Git Repository Information Disclosure
- Apache Struts2 Content-Type Remote Code Execution (CVE-2017-5638, CVE-2019-0230)
- OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160, CVE-2014-0346)
- Command Injection Over HTTP
- NoneCMS ThinkPHP Remote Code Execution (CVE-2018-20062)
- Muieblackcat PHP Scanner
- SQL Injection (different techniques)
Top mobile malware
The same faces again, rotating positions among themselves:
- xHelper
- Hiddad
- XLoader