UPDATE
Top 10 malware affecting Australians
Courtesy of Check Point Research
Check Point Research (CPR) has published its latest Global Threat Index for August 2021 and identified the top 10 malware affecting Australians in August. Concerningly, FluBot has re-entered the list, impacting 1.48% of Australian cyber security cases. The Android malware is easily accessible and is distributed via phishing SMS messages, often impersonating logistics delivery brands such as voicemail notifications. Formbook has jumped from third position up to the top spot within the last month, impacting 2.96% of Australians. Known for its strong evasion techniques and relatively low price, FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its C&C.
Top 10 Malware in Australia for August:

1. Trickbot, ↑ 3.26% (percentage of Australian cyber incident cases impacted by this specific malware) Trickbot is a modular Botnet and Banking Trojan that targets the Windows platform, mostly delivered via spam campaigns or other malware families such as Emotet. Trickbot sends information about the infected system and can also download and execute arbitrary modules from a large array of available modules: from a VNC module for remote control, to an SMB module for spreading within a compromised network. Once a machine is infected, the Trickbot gang, the threat actors behind this malware, utilise this wide array of modules not only to steal banking credentials from the target PC, but also for lateral movement and reconnaissance on the targeted organisation itself, prior to delivering a company-wide targeted ransomware attack.

2. Formbook, ↓ 2.41% (percentage of Australian cyber incident cases impacted by this specific malware) First detected in 2016, FormBook is an InfoStealer that targets the Windows OS. It is marketed as MaaS in underground hacking forums for its strong evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its C&C.

3. Cosmu, ↑ 1.57% (percentage of Australian cyber incident cases impacted by this specific malware) Cosmu is a PC Trojan that tries to put a computer at risk of having additional malware downloaded without notice to the computer user. The malware would try to communicate with a remote server where it can download malware files and further infect the system.

4. Tofsee, ↑ 1.33% (percentage of Australian cyber incident cases impacted by this specific malware) Tofsee is a backdoor Trojan, operating since at least

16 | Australian Cyber Security Magazine