Categories: Malware

Hancitor Makes First Appearance in Top Five Most wanted malware – February 2017

Hancitor has grown into the main five of the ‘most wanted’ malware families worldwide for the first time, reported by Checkpoint Threat Intelligence Research Team.

Hancitor also called as Chanitor is typically sent as a macro-enabled empowered Office document in phishing messages with “critical” messages, for example, phone messages, faxes or invoices.

Mostly the main 10 malware families uncovered that programmers were utilizing an extensive variety of attack vectors and strategies to target organizations.

The index ranked Kelihos, a botnet utilized as a part of bitcoin robbery, as the most widespread malware family, with 12% of associations universally affected by it.

Today, Kelihos keeps on developing as a standout amongst the most leading distributor of spam on the planet, with more than 300,000 contaminated machines, each equipped for sending more than 200,000 messages a day.

The main three most popular malware in February were Kelihos in, to begin with, affecting 12% of associations, trailed by HackerDefender, affecting 5% and Cryptowall which influenced 4.5% of organizations internationally.

Top 10 Most wanted Malware

Kelihos

Botnet predominantly included in bitcoin robbery and spamming. It uses shared peer-to-peer communications, empowering every individual node to go about as a Command and Control server.

HackerDefender

A user-mode rootkit for Windows can be utilized to hide files, procedures and registry keys, and furthermore, executes a backdoor and port redirector that works through TCP ports opened by existing services. This implies it is unrealistic to locate the hidden backdoor through conventional means.

Cryptowall

Ransomware that began as a Cryptolocker doppelgänger, yet in the end outperformed it. After the takedown of Cryptolocker, Cryptowall got to be distinctly a standout amongst the most famous ransomware’s to date. Cryptowall is known for its utilization of AES encryption and for leading its C&C communication over the Tor hidden network. It is generally scattered by means of exploit units, malvertising, and phishing attempts.

Conficker

The worm that permits remote operations and malware download. The contaminated machine is controlled by a botnet, which contacts its Command and Control server to get directions.

Hancitor

Downloader used to introduce malicious payloads, (for example, Banking Trojans and Ransomware) on contaminated machines. Otherwise called Chanitor, Hancitor is typically conveyed as a large scale empowered Office document in phishing messages with “critical” messages, for example, phone messages, faxes or invoices.

Zeus

Banking Trojan that does man-in-the-browser keystroke logging and form grabbing so as to take keeping banking details.

RookieUA

Infostealer intended to obtain client account data, for example, logins and passwords and send them to a remote server.

Nivdort

Multipurpose bot, otherwise called Bayrob, that is utilized to gather passwords, change system settings and download other malware. It is generally spread by means of spam messages with the beneficiary address encoded in the binary, along these lines making each file different.

Fareit

Trojan used to take delicate data, for example, user names and passwords put away in web programs, and in addition email and FTP certifications.

Pykspa

Worm that spreads itself by sending texts to contacts on Skype. It extricates user information from the machine and speaks with remote servers by utilizing a Domain Generation Algorithms (DGA).

@Checkpoint Threat Research

Mobile Malware

With Mobile, Malware Hiddad moves to the top spot following Hummingbad and Trida.

Hiddad

Android malware which repackages genuine applications and after that discharges them to an app store. Its fundamental capacity is showing advertisements, in any case it is likewise ready to access security details incorporated with the OS, permitting an attacker to acquire delicate user information.

Hummingbad

Android malware that builds up a determined rootkit on the gadget, introduces malicious applications, and with slight alterations could empower extra malicious activity, for example, introducing a key-logger, taking credentials and bypassing encrypted email holders utilized by the enterprise.

Triada

Backdoor for Android which gives super-user permission to downloaded malware, as helps it to get installed into the system process. Triada has additionally been seen spoofing URL’s that opened in the browser.

Organizations should adequately be equipped to deal with the ever-increasing number of threats, the speed of malware development demonstrates the difficulties faced by IT departments around the world.

Also Read

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

View Comments

  • UNHACKABLE (100 % PERFECT AND IMPOSSIBLE TO HACK) OPERATING SYSTEM into which NO ONE ON THE FACE OF THIS UNIVERSE can introduce MALWARE/RANSOMWARE/VIRUS into
    it available with me. See http://www.mrmrcss.com and contact me.
    Dr.Maddi Venkata Ravi Prasad,Ph.D.,
    +91 8712174481 or +91 9392084857
    email to: mvrp2507@gmail.com

Recent Posts

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…

5 hours ago

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…

6 hours ago

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…

6 hours ago

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…

6 hours ago

New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine

A security researcher discovered a vulnerability in Windows theme files in the previous year, which…

6 hours ago

SYS01 InfoStealer Malware Attacking Meta Business Page To Steal Logins

The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…

6 hours ago