Monday, February 17, 2025
HomeMalwareHancitor Makes First Appearance in Top Five Most wanted malware - February...

Hancitor Makes First Appearance in Top Five Most wanted malware – February 2017

Published on

SIEM as a Service

Follow Us on Google News

Hancitor has grown into the main five of the ‘most wanted’ malware families worldwide for the first time, reported by Checkpoint Threat Intelligence Research Team.

Hancitor also called as Chanitor is typically sent as a macro-enabled empowered Office document in phishing messages with “critical” messages, for example, phone messages, faxes or invoices.

Mostly the main 10 malware families uncovered that programmers were utilizing an extensive variety of attack vectors and strategies to target organizations.

The index ranked Kelihos, a botnet utilized as a part of bitcoin robbery, as the most widespread malware family, with 12% of associations universally affected by it.

Today, Kelihos keeps on developing as a standout amongst the most leading distributor of spam on the planet, with more than 300,000 contaminated machines, each equipped for sending more than 200,000 messages a day.

The main three most popular malware in February were Kelihos in, to begin with, affecting 12% of associations, trailed by HackerDefender, affecting 5% and Cryptowall which influenced 4.5% of organizations internationally.

Top 10 Most wanted Malware

Kelihos

Botnet predominantly included in bitcoin robbery and spamming. It uses shared peer-to-peer communications, empowering every individual node to go about as a Command and Control server.

HackerDefender

A user-mode rootkit for Windows can be utilized to hide files, procedures and registry keys, and furthermore, executes a backdoor and port redirector that works through TCP ports opened by existing services. This implies it is unrealistic to locate the hidden backdoor through conventional means.

Cryptowall 

Ransomware that began as a Cryptolocker doppelgänger, yet in the end outperformed it. After the takedown of Cryptolocker, Cryptowall got to be distinctly a standout amongst the most famous ransomware’s to date. Cryptowall is known for its utilization of AES encryption and for leading its C&C communication over the Tor hidden network. It is generally scattered by means of exploit units, malvertising, and phishing attempts.

Conficker

The worm that permits remote operations and malware download. The contaminated machine is controlled by a botnet, which contacts its Command and Control server to get directions.

Hancitor

Downloader used to introduce malicious payloads, (for example, Banking Trojans and Ransomware) on contaminated machines. Otherwise called Chanitor, Hancitor is typically conveyed as a large scale empowered Office document in phishing messages with “critical” messages, for example, phone messages, faxes or invoices.

Zeus

Banking Trojan that does man-in-the-browser keystroke logging and form grabbing so as to take keeping banking details.

RookieUA

Infostealer intended to obtain client account data, for example, logins and passwords and send them to a remote server.

Nivdort

Multipurpose bot, otherwise called Bayrob, that is utilized to gather passwords, change system settings and download other malware. It is generally spread by means of spam messages with the beneficiary address encoded in the binary, along these lines making each file different.

Fareit

Trojan used to take delicate data, for example, user names and passwords put away in web programs, and in addition email and FTP certifications.

Pykspa

Worm that spreads itself by sending texts to contacts on Skype. It extricates user information from the machine and speaks with remote servers by utilizing a Domain Generation Algorithms (DGA).

Hancitor Makes First Appearance in Top Five Most wanted malware
@Checkpoint Threat Research

Mobile Malware

With Mobile, Malware Hiddad moves to the top spot following Hummingbad and Trida.

Hiddad

Android malware which repackages genuine applications and after that discharges them to an app store. Its fundamental capacity is showing advertisements, in any case it is likewise ready to access security details incorporated with the OS, permitting an attacker to acquire delicate user information.

Hummingbad

Android malware that builds up a determined rootkit on the gadget, introduces malicious applications, and with slight alterations could empower extra malicious activity, for example, introducing a key-logger, taking credentials and bypassing encrypted email holders utilized by the enterprise.

Triada

Backdoor for Android which gives super-user permission to downloaded malware, as helps it to get installed into the system process. Triada has additionally been seen spoofing URL’s that opened in the browser.

Organizations should adequately be equipped to deal with the ever-increasing number of threats, the speed of malware development demonstrates the difficulties faced by IT departments around the world.

Also Read

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Stealthy Malware in WordPress Sites Enables Remote Code Execution by Hackers

Security researchers have uncovered sophisticated malware targeting WordPress websites, leveraging hidden backdoors to enable...

Xerox Printer Vulnerability Exposes Authentication Data Via LDAP and SMB

A critical security vulnerability in Xerox’s Versalink C7025 Multifunction Printer (MFP) has been uncovered,...

New XCSSET Malware Targets macOS Users Through Infected Xcode Projects

Microsoft Threat Intelligence has identified a new variant of the XCSSET macOS malware, marking...

Beware! Fake Outlook Support Calls Leading to Ransomware Attacks

Telekom Security has recently uncovered a significant vishing (voice phishing) campaign targeting individuals and...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick...

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using...

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign...