Thursday, March 28, 2024

Hancitor Makes First Appearance in Top Five Most wanted malware – February 2017

Hancitor has grown into the main five of the ‘most wanted’ malware families worldwide for the first time, reported by Checkpoint Threat Intelligence Research Team.

Hancitor also called as Chanitor is typically sent as a macro-enabled empowered Office document in phishing messages with “critical” messages, for example, phone messages, faxes or invoices.

Mostly the main 10 malware families uncovered that programmers were utilizing an extensive variety of attack vectors and strategies to target organizations.

The index ranked Kelihos, a botnet utilized as a part of bitcoin robbery, as the most widespread malware family, with 12% of associations universally affected by it.

Today, Kelihos keeps on developing as a standout amongst the most leading distributor of spam on the planet, with more than 300,000 contaminated machines, each equipped for sending more than 200,000 messages a day.

The main three most popular malware in February were Kelihos in, to begin with, affecting 12% of associations, trailed by HackerDefender, affecting 5% and Cryptowall which influenced 4.5% of organizations internationally.

Top 10 Most wanted Malware

Kelihos

Botnet predominantly included in bitcoin robbery and spamming. It uses shared peer-to-peer communications, empowering every individual node to go about as a Command and Control server.

HackerDefender

A user-mode rootkit for Windows can be utilized to hide files, procedures and registry keys, and furthermore, executes a backdoor and port redirector that works through TCP ports opened by existing services. This implies it is unrealistic to locate the hidden backdoor through conventional means.

Cryptowall 

Ransomware that began as a Cryptolocker doppelgänger, yet in the end outperformed it. After the takedown of Cryptolocker, Cryptowall got to be distinctly a standout amongst the most famous ransomware’s to date. Cryptowall is known for its utilization of AES encryption and for leading its C&C communication over the Tor hidden network. It is generally scattered by means of exploit units, malvertising, and phishing attempts.

Conficker

The worm that permits remote operations and malware download. The contaminated machine is controlled by a botnet, which contacts its Command and Control server to get directions.

Hancitor

Downloader used to introduce malicious payloads, (for example, Banking Trojans and Ransomware) on contaminated machines. Otherwise called Chanitor, Hancitor is typically conveyed as a large scale empowered Office document in phishing messages with “critical” messages, for example, phone messages, faxes or invoices.

Zeus

Banking Trojan that does man-in-the-browser keystroke logging and form grabbing so as to take keeping banking details.

RookieUA

Infostealer intended to obtain client account data, for example, logins and passwords and send them to a remote server.

Nivdort

Multipurpose bot, otherwise called Bayrob, that is utilized to gather passwords, change system settings and download other malware. It is generally spread by means of spam messages with the beneficiary address encoded in the binary, along these lines making each file different.

Fareit

Trojan used to take delicate data, for example, user names and passwords put away in web programs, and in addition email and FTP certifications.

Pykspa

Worm that spreads itself by sending texts to contacts on Skype. It extricates user information from the machine and speaks with remote servers by utilizing a Domain Generation Algorithms (DGA).

Hancitor Makes First Appearance in Top Five Most wanted malware
@Checkpoint Threat Research

Mobile Malware

With Mobile, Malware Hiddad moves to the top spot following Hummingbad and Trida.

Hiddad

Android malware which repackages genuine applications and after that discharges them to an app store. Its fundamental capacity is showing advertisements, in any case it is likewise ready to access security details incorporated with the OS, permitting an attacker to acquire delicate user information.

Hummingbad

Android malware that builds up a determined rootkit on the gadget, introduces malicious applications, and with slight alterations could empower extra malicious activity, for example, introducing a key-logger, taking credentials and bypassing encrypted email holders utilized by the enterprise.

Triada

Backdoor for Android which gives super-user permission to downloaded malware, as helps it to get installed into the system process. Triada has additionally been seen spoofing URL’s that opened in the browser.

Organizations should adequately be equipped to deal with the ever-increasing number of threats, the speed of malware development demonstrates the difficulties faced by IT departments around the world.

Also Read

Website

Latest articles

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...

ZENHAMMER – First Rowhammer Attack Impacting Zen-based AMD Platforms

Despite AMD's growing market share with Zen CPUs, Rowhammer attacks were absent due to...

Airbus to Acquire INFODAS to Strengthen its Cybersecurity Portfolio

Airbus Defence and Space plans to acquire INFODAS, a leading cybersecurity and IT solutions...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles