Hancitor has grown into the main five of the ‘most wanted’ malware families worldwide for the first time, reported by Checkpoint Threat Intelligence Research Team.

Hancitor also called as Chanitor is typically sent as a macro-enabled empowered Office document in phishing messages with “critical” messages, for example, phone messages, faxes or invoices.

Mostly the main 10 malware families uncovered that programmers were utilizing an extensive variety of attack vectors and strategies to target organizations.

The index ranked Kelihos, a botnet utilized as a part of bitcoin robbery, as the most widespread malware family, with 12% of associations universally affected by it.

Today, Kelihos keeps on developing as a standout amongst the most leading distributor of spam on the planet, with more than 300,000 contaminated machines, each equipped for sending more than 200,000 messages a day.

The main three most popular malware in February were Kelihos in, to begin with, affecting 12% of associations, trailed by HackerDefender, affecting 5% and Cryptowall which influenced 4.5% of organizations internationally.

Top 10 Most wanted Malware


Botnet predominantly included in bitcoin robbery and spamming. It uses shared peer-to-peer communications, empowering every individual node to go about as a Command and Control server.


A user-mode rootkit for Windows can be utilized to hide files, procedures and registry keys, and furthermore, executes a backdoor and port redirector that works through TCP ports opened by existing services. This implies it is unrealistic to locate the hidden backdoor through conventional means.


Ransomware that began as a Cryptolocker doppelgänger, yet in the end outperformed it. After the takedown of Cryptolocker, Cryptowall got to be distinctly a standout amongst the most famous ransomware’s to date. Cryptowall is known for its utilization of AES encryption and for leading its C&C communication over the Tor hidden network. It is generally scattered by means of exploit units, malvertising, and phishing attempts.


The worm that permits remote operations and malware download. The contaminated machine is controlled by a botnet, which contacts its Command and Control server to get directions.


Downloader used to introduce malicious payloads, (for example, Banking Trojans and Ransomware) on contaminated machines. Otherwise called Chanitor, Hancitor is typically conveyed as a large scale empowered Office document in phishing messages with “critical” messages, for example, phone messages, faxes or invoices.


Banking Trojan that does man-in-the-browser keystroke logging and form grabbing so as to take keeping banking details.


Infostealer intended to obtain client account data, for example, logins and passwords and send them to a remote server.


Multipurpose bot, otherwise called Bayrob, that is utilized to gather passwords, change system settings and download other malware. It is generally spread by means of spam messages with the beneficiary address encoded in the binary, along these lines making each file different.


Trojan used to take delicate data, for example, user names and passwords put away in web programs, and in addition email and FTP certifications.


Worm that spreads itself by sending texts to contacts on Skype. It extricates user information from the machine and speaks with remote servers by utilizing a Domain Generation Algorithms (DGA).

Hancitor Makes First Appearance in Top Five Most wanted malware
@Checkpoint Threat Research

Mobile Malware

With Mobile, Malware Hiddad moves to the top spot following Hummingbad and Trida.


Android malware which repackages genuine applications and after that discharges them to an app store. Its fundamental capacity is showing advertisements, in any case it is likewise ready to access security details incorporated with the OS, permitting an attacker to acquire delicate user information.


Android malware that builds up a determined rootkit on the gadget, introduces malicious applications, and with slight alterations could empower extra malicious activity, for example, introducing a key-logger, taking credentials and bypassing encrypted email holders utilized by the enterprise.


Backdoor for Android which gives super-user permission to downloaded malware, as helps it to get installed into the system process. Triada has additionally been seen spoofing URL’s that opened in the browser.

Organizations should adequately be equipped to deal with the ever-increasing number of threats, the speed of malware development demonstrates the difficulties faced by IT departments around the world.


Also Read