Check Point Research experts talked about the most active malware in April

The Check Point Research team of experts prepared a report on the most active threats and the most dangerous malware for April 2021. Researchers report that AgentTesla Trojan ranked second in the ranking for the first time, while Dridex is still in first place.

Dridex is often used at the initial stage of infection in ransomware operations, which are becoming more and more numerous. 例如, in March, researchers warned that in early 2021 the number of ransomware attacks increased by 57%.

Alas, this trend continues to develop: in general, it has already shown an increase of 107% compared to the same period last year. In 2020, according to experts, the damage from ransomware worldwide amounted to about $20 billion, which is almost 75% higher than in 2019.

For the first time, AgentTesla has taken the second place in the company ranking. It is an advanced RAT (Remote Access Trojan) that has been infecting computers since 2014, acting as a keylogger and password stealer. The malware is capable of monitoring and collecting data entered from the victim’s keyboard, taking screenshots and extracting credentials related to various programs installed on the infected machine (including Google Chrome, Mozilla Firefox瀏覽器, and Microsoft Outlook).

We’re seeing a huge increase in ransomware attacks around the world, so it’s no surprise that the most popular malware in April is associated with this trend. On average, every 10 seconds, one organization in the becomes a victim of the ransomware. Hackers often use the names of well-known organizations for their attacks. This time they imitated the QuickBooks brand, an accounting software suite common in the United States. The malicious emails contained fake payment notifications and invoices. Organizations need to be aware of these risks and provide not only suitable security solutions, but also employee training. The human factor is still the most vulnerable link, so it is very important that employees can recognize phishing emails. It is through them that ransomware infections often occur, — representatives of Check Point Software Technologies said.

In the world, the situation looks like this:

1. Dridex is a banking Trojan that infects Windows systems. It is spread using spam mailings and sets of exploits that use injections to steal personal data, as well as bank card data. Attacked 15% of organizations.
2. AgentTesla – an advanced RAT that has been attacking computers since 2014, acting as a keylogger and password stealer. It is capable of monitoring and collecting the victim’s keyboard input, taking screenshots and extracting credentials related to various programs installed on the victim’s computer (including Google Chrome, Mozilla Firefox瀏覽器, and Microsoft Outlook). Attacked 12% of organizations.
3. Trickbot is one of the dominant banking Trojans, which is constantly being enforced with new features, functions and distribution vectors. Trickbot is flexible and customizable malware that can be distributed through multipurpose campaigns. Attacked 8% of organizations.

Let me remind you that I also talked about the MountLocker ransomware, which uses the Windows API to navigate the network.