There's a new top dog when it comes to dangerous malware

Magnifying glass enlarging the word 'malware' in computer machine code
(Image credit: Shutterstock)

Qbot has become the most prevalent banking trojan around, taking the top spot from Emotet, new figures have claimed.

According to fresh figures from the Check Point Global Threat Index for December 2022, Qbot (also known as Qakbot) impacted 7% of organizations worldwide, retaking the number one spot from Emotet (4%).

Based on proprietary data, Check Point’s report says that besides Qbot and Emotet, XMRig rounded off the top three most prevalent malicious programs around, for the last month of the year.

Abusing known vulnerabilities

XMRig, impacting 3% of businesses worldwide is a cryptominer, a program that “mines” the XMR cryptocurrency for the attackers. It’s a popular application, which the threat actors aim mostly to install on servers and other high-end machines.

When it comes to mobile devices, a completely different set of malware prevailed. Anubis was the most prevalent variant, followed by Hiddad and AlienBot.

But to install these malware, hackers need to have some way to access the target endpoints, which is mostly done through known vulnerabilities.

“Web Server Exposed Git Repository Information Disclosure” was the most commonly exploited vulnerability, Check Point said, impacting almost half (46%) of organizations globally. “Web Server Malicious URL Directory Traversal” was second-placed with 44% of businesses around the world being impacted. The top three were rounded off with “Command INjection Over HTTP” - 43%. 

Education and Research remained the most attacked industry, before Government and Military, and Healthcare.

“The overwhelming theme from our latest research is how malware often masquerades as legitimate software to give hackers backdoor access to devices without raising suspicion. said Maya Horowitz, VP Research at Check Point Software. “That is why it is important to do your due diligence when downloading any software and applications or clicking on links, regardless of how genuine they look.”  

Last year, hackers were busy building fake landing pages, tricking people into either downloading malware, or giving away sensitive data. In just one instance, in late October last year, cybersecurity researchers from Malwarebytes discovered a major campaign that leveraged more than 200 landing pages used to gain access to people’s bank accounts. 

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.