Skip to main content

March 2020’s Most Wanted Malware: Dridex Banking Trojan Ranks On Top Malware List For First Time

Written by Customer Service on . Posted in Public Companies.

SAN CARLOS, Calif., April 09, 2020 (GLOBE NEWSWIRE) — Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, has published its latest Global Threat Index for March 2020. The well-known banking trojan Dridex, which first appeared in 2011, has entered the top ten malware list for the first time, as the third most prevalent malware in March. Dridex has been updated and is now being used in the early attack stages for downloading targeted ransomware, such as BitPaymer and DoppelPaymer.
The sharp increase in the use of Dridex was driven by several spam campaigns containing a malicious Excel file which downloads Dridex malware into the victim’s computer. This upsurge in Dridex malware highlights just how quickly cyber-criminals change the themes of their attacks to try and maximize infection rates. Dridex is a sophisticated strain of banking malware that targets the Windows platform, delivering spam campaigns to infect computers and steal banking credentials and other personal information to facilitate fraudulent money transfer. The malware has been systematically updated and developed over the past decade.XMRig remains in 1st place in the Index of top malware families, impacting 5% of organizations globally, followed by Jsecoin and Dridex which impacted 4% and 3% of organizations worldwide respectively.“Dridex appearing for the first time as one of the top malware families shows how quickly cybercriminals can change their methods,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point. “This kind of malware can be very lucrative for criminals given its sophistication, and is now being used as a ransomware downloader, which makes it even more dangerous than previous variants. So, individuals need to be wary of emails with attachments, even if they appear to originate from a trusted source – especially with the explosion in home working over the past few weeks. Organizations need to be educating employees on how to identify malicious spam, and deploy security measures that help protect their teams and networks against such threats.”The research team also warns that “MVPower DVR Remote Code Execution” remained the most common exploited vulnerability, impacting 30% of organizations globally, closely followed by “PHP php-cgi Query String Parameter Code Execution” with a global impact of 29%, followed by “OpenSSL TLS DTLS Heartbeat Information Disclosure” impacting 27% of organizations worldwide.Top malware families
*The arrows relate to the change in rank compared to the previous month.This month XMRig remains in 1st place, impacting 5% of organizations globally, followed by Jsecoin and Dridex impacting 4% and 3% of organizations worldwide respectively.↔ XMRig – XMRig is an open-source CPU mining software used for the mining process of the Monero cryptocurrency, first seen in the wild on May 2017. ↑ Jsecoin – Jsecoin is a web-based cryptominer, designed to perform online mining of Monero cryptocurrency when a user visits a particular web page. The implanted JavaScript uses a large amount of the end user’s computational resources to mine coins, thus impacting the system performance.↑ Dridex – Dridex is a Banking Trojan that targets the Windows platform, and is delivered by spam campaigns and exploit kits, which rely on WebInjects to intercept and redirect banking credentials to an attacker-controlled server. Dridex contacts a remote server, sends information about the infected system and can also download and execute additional modules for remote control.Top exploited vulnerabilities
This month the “MVPower DVR Remote Code Execution” remains the most common exploited vulnerability, impacting 30% of organizations globally, closely followed by “PHP php-cgi Query String Parameter Code Execution” with a global impact of 29%. In 3rd place “OpenSSL TLS DTLS Heartbeat Information Disclosure” is impacting 27% of organizations worldwide.↔ MVPower DVR Remote Code Execution – A remote code execution vulnerability that exists in MVPower DVR devices. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request.↑ PHP php-cgi Query String Parameter Code Execution – A remote code execution vulnerability that has been reported in PHP. The vulnerability is due to the improper parsing and filtering of query strings by PHP. A remote attacker may exploit this issue by sending crafted HTTP requests. Successful exploitation allows an attacker to execute arbitrary code on the target.↓ OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346) – An information disclosure vulnerability which exists in OpenSSL. The vulnerability is due to an error when handling TLS/DTLS heartbeat packets. An attacker can leverage this vulnerability to disclose memory contents of a connected client or server.Top malware families – Mobile
This month xHelper retained the 1st place in the most prevalent mobile malware, followed by AndroidBauts and Lotoor.xHelper – A malicious application seen in the wild since March 2019, used for downloading other malicious apps and display advertisement. The application can hide itself from the user and reinstall itself in case if uninstalled.
 AndroidBauts – Adware targeting Android users that exfiltrates IMEI, IMSI, GPS location and other device information and allows the installation of third-party apps and shortcuts on mobile devices.
 Lotoor – A hacking tool that exploits vulnerabilities on Android operating systems to gain root privileges on compromised mobile devices.Check Point’s Global Threat Impact Index and its ThreatCloud Map is powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cybercrime which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database inspects over 2.5 billion websites and 500 million files daily, and identifies more than 250 million malware activities every day.The complete list of the top 10 malware families in February can be found on the Check Point Blog.
Follow Check Point Research via:
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch_About Check Point Research
Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyzes global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cyber security solutions to governments and corporate enterprises globally. Check Point’s solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and advanced targeted threats. Check Point offers a multilevel security architecture, “Infinity Total Protection with Gen V advanced threat prevention”, this combined product architecture defends an enterprises’ cloud, network and mobile devices. Check Point provides the most comprehensive and intuitive one point of control security management system. Check Point protects over 100,000 organizations of all sizes.A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/571490b8-79f4-4103-9f95-c08d4b3cf7ec

Disclaimer & Cookie Notice

Welcome to GOLDEA services for Professionals

Before you continue, please confirm the following:

Professional advisers only

I am a professional adviser and would like to visit the GOLDEA CAPITAL for Professionals website.

Important Notice for Investors:

The services and products offered by Goldalea Capital Ltd. are intended exclusively for professional market participants as defined by applicable laws and regulations. This typically includes institutional investors, qualified investors, and high-net-worth individuals who have sufficient knowledge, experience, resources, and independence to assess the risks of trading on their own.

No Investment Advice:

The information, analyses, and market data provided are for general information purposes only and do not constitute individual investment advice. They should not be construed as a basis for investment decisions and do not take into account the specific investment objectives, financial situation, or individual needs of any recipient.

High Risks:

Trading in financial instruments is associated with significant risks and may result in the complete loss of the invested capital. Goldalea Capital Ltd. accepts no liability for losses incurred as a result of the use of the information provided or the execution of transactions.

Sole Responsibility:

The decision to invest or not to invest is solely the responsibility of the investor. Investors should obtain comprehensive information about the risks involved before making any investment decision and, if necessary, seek independent advice.

No Guarantees:

Goldalea Capital Ltd. makes no warranties or representations as to the accuracy, completeness, or timeliness of the information provided. Markets are subject to constant change, and past performance is not a reliable indicator of future results.

Regional Restrictions:

The services offered by Goldalea Capital Ltd. may not be available to all persons or in all countries. It is the responsibility of the investor to ensure that they are authorized to use the services offered.

Please note: This disclaimer is for general information purposes only and does not replace individual legal or tax advice.