August’s Top Malware: Emotet Knocked off Top Spot by FormBook while GuLoader and Joker Disrupt the Index
Check Point Research reports that FormBook is the most prevalent malware, while the Android spyware Joker takes third place in the mobile index. Apache Log4j Remote Code Execution also returns to first place as the most exploited vulnerability.
SAN CARLOS, Calif., Sept. 14, 2022 (GLOBE NEWSWIRE) -- Check Point Research (CPR), the Threat Intelligence arm of Check Point Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, has published its latest Global Threat Index for August 2022.
CPR reports that FormBook is now the most prevalent malware, taking over from Emotet, which has held that position since its reappearance in January.
FormBook is an Infostealer targeting Windows OS which, once deployed, can harvest credentials, collect screenshots, monitor and log keystrokes as well as download and execute files according to its command and control (C&C) orders. Since it was first spotted in 2016, it has continued to make a name for itself, marketed as a Malware as a Service (MaaS) in underground hacking forums, known for its strong evasion techniques and relatively low price.
August also saw a rapid increase in GuLoader activity, which resulted in it being the fourth most widespread malware. GuLoader was initially used to download Parallax RAT but has since been applied to other remote access trojans and infostealers such as Netwire, FormBook and Agent Tesla. It is commonly distributed through extensive email phishing campaigns that lure the victim into downloading and opening a malicious file, allowing the malware to get to work.
Additionally, Check Point Research reports that Joker, an Android spyware, is back in business and has claimed third place in the top mobile malware list this month. Once Joker is installed, it can steal SMS messages, contact lists and device information as well as sign the victim up for paid premium services without their consent. Its rise can partially be explained by an uplift in campaigns, as it was recently spotted active in some Google Play Store applications.
“The shifts that we see in this month’s index, from Emotet dropping from first to fifth place to Joker becoming the third most prevalent mobile malware, are reflective of how fast the threat landscape can change,” said Maya Horowitz, VP Research at Check Point Software. “This should be a reminder to individuals and companies alike of the importance of keeping up to date with the most recent threats, as knowing how to protect yourself is essential. Threat actors are constantly evolving and the emergence of FormBook shows that we can never be complacent about security and must adopt a holistic, prevent-first approach across networks, endpoints and the cloud.”