Thursday, December 7, 2023

Hancitor Makes First Appearance in Top Five Most wanted malware – February 2017

Hancitor has grown into the main five of the ‘most wanted’ malware families worldwide for the first time, reported by Checkpoint Threat Intelligence Research Team.

Hancitor also called as Chanitor is typically sent as a macro-enabled empowered Office document in phishing messages with “critical” messages, for example, phone messages, faxes or invoices.

Mostly the main 10 malware families uncovered that programmers were utilizing an extensive variety of attack vectors and strategies to target organizations.

The index ranked Kelihos, a botnet utilized as a part of bitcoin robbery, as the most widespread malware family, with 12% of associations universally affected by it.

Today, Kelihos keeps on developing as a standout amongst the most leading distributor of spam on the planet, with more than 300,000 contaminated machines, each equipped for sending more than 200,000 messages a day.

The main three most popular malware in February were Kelihos in, to begin with, affecting 12% of associations, trailed by HackerDefender, affecting 5% and Cryptowall which influenced 4.5% of organizations internationally.

Top 10 Most wanted Malware


Botnet predominantly included in bitcoin robbery and spamming. It uses shared peer-to-peer communications, empowering every individual node to go about as a Command and Control server.


A user-mode rootkit for Windows can be utilized to hide files, procedures and registry keys, and furthermore, executes a backdoor and port redirector that works through TCP ports opened by existing services. This implies it is unrealistic to locate the hidden backdoor through conventional means.


Ransomware that began as a Cryptolocker doppelgänger, yet in the end outperformed it. After the takedown of Cryptolocker, Cryptowall got to be distinctly a standout amongst the most famous ransomware’s to date. Cryptowall is known for its utilization of AES encryption and for leading its C&C communication over the Tor hidden network. It is generally scattered by means of exploit units, malvertising, and phishing attempts.


The worm that permits remote operations and malware download. The contaminated machine is controlled by a botnet, which contacts its Command and Control server to get directions.


Downloader used to introduce malicious payloads, (for example, Banking Trojans and Ransomware) on contaminated machines. Otherwise called Chanitor, Hancitor is typically conveyed as a large scale empowered Office document in phishing messages with “critical” messages, for example, phone messages, faxes or invoices.


Banking Trojan that does man-in-the-browser keystroke logging and form grabbing so as to take keeping banking details.


Infostealer intended to obtain client account data, for example, logins and passwords and send them to a remote server.


Multipurpose bot, otherwise called Bayrob, that is utilized to gather passwords, change system settings and download other malware. It is generally spread by means of spam messages with the beneficiary address encoded in the binary, along these lines making each file different.


Trojan used to take delicate data, for example, user names and passwords put away in web programs, and in addition email and FTP certifications.


Worm that spreads itself by sending texts to contacts on Skype. It extricates user information from the machine and speaks with remote servers by utilizing a Domain Generation Algorithms (DGA).

Hancitor Makes First Appearance in Top Five Most wanted malware
@Checkpoint Threat Research

Mobile Malware

With Mobile, Malware Hiddad moves to the top spot following Hummingbad and Trida.


Android malware which repackages genuine applications and after that discharges them to an app store. Its fundamental capacity is showing advertisements, in any case it is likewise ready to access security details incorporated with the OS, permitting an attacker to acquire delicate user information.


Android malware that builds up a determined rootkit on the gadget, introduces malicious applications, and with slight alterations could empower extra malicious activity, for example, introducing a key-logger, taking credentials and bypassing encrypted email holders utilized by the enterprise.


Backdoor for Android which gives super-user permission to downloaded malware, as helps it to get installed into the system process. Triada has additionally been seen spoofing URL’s that opened in the browser.

Organizations should adequately be equipped to deal with the ever-increasing number of threats, the speed of malware development demonstrates the difficulties faced by IT departments around the world.

Also Read


Latest articles

Bluetooth keystroke-injection Flaw: A Threat to Apple, Linux & Android Devices

An unauthenticated Bluetooth keystroke-injection vulnerability that affects Android, macOS, and iOS devices has been...

Atlassian Patches RCE Flaw that Affected Multiple Products

Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in...

Reflectiz Introduces AI-powered Insights on Top of Its Smart Alerting System

Reflectiz, a cybersecurity company specializing in continuous web threat management, proudly introduces a new...

SLAM Attack Gets Root Password Hash in 30 Seconds

Spectre is a class of speculative execution vulnerabilities in microprocessors that can allow threat...

Akira Ransomware Exploiting Zero-day Flaws For Organization Network Access

The Akira ransomware group, which first appeared in March 2023, has been identified as...

Hackers Deliver AsyncRAT Through Weaponized WSF Script Files

The AsyncRAT malware, which was previously distributed through files with the .chm extension, is now being...

BlueNoroff: New Malware Attacking MacOS Users

Researchers have uncovered a new Trojan-attacking macOS user that is associated with the BlueNoroff APT...

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles