Trickbot is no longer the world's leading malware threat

News
By Sead Fadilpašić
last updated

After a three-month reign, Trickbot has been succeeded by infostealer Formbook

security threat
(Image credit: Shutterstock.com)

Formbook, an “infostealer” malware that can harvest web browser credentials, take screenshots, log keystrokes and download and run executive files, is now the most prevalent threat around today, a new report has claimed.

This is according to the Global Threat Index for August 2021research paper published by Check Point Research, which found Formbook affected 4.5% of global companies last month.

This helped it surpass Trickbot, a modular banking Trojan that’s been wreaking havoc for the past three months, and which now affects 4% of companies worldwide.

Agent Tesla, with 3%, rounded off the top three, while banking Trojan Qbot, known to have operators who like to take long sabbaticals, dropped from the top 10 completely.

xHelper targets mobile devices

“Formbook’s code is written in C with assembly inserts and contains a number of tricks to make it more evasive and harder for researchers to analyze,” said Maya Horowitz, VP Research at Check Point Software. 

“As it is usually distributed via phishing emails and attachments, the best way to prevent a Formbook infection is by staying acutely aware of any emails that appear strange or come from unknown senders. As always, if it doesn’t look right, it probably isn’t.”

The report also stated that the most common vulnerability is “Web Server Exposed Git Repository Information Disclosure,” as it affects almost half (45%) of organizations worldwide. “HTTP Headers Remote Code Execution” is another major threat, affecting 43% of firms everywhere.

The top three threats were rounded off by “Dasan GPON Router Authentication Bypass,” having a global impact of 40%.

As for mobile malware, xHelper was the most prevalent one this month, together with AlienBot and FluBot. First spotted in early 2019, xHelper downloads other malicious apps onto the device, and displays advertisements to the victim. It can hide from the device owner and even reinstall itself if necessary.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.