SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Check Point reveals the top 10 malware affecting New Zealanders in November
Wed, 15th Dec 2021
FYI, this story is more than a year old

Check Point Research has revealed the top 10 malware affecting New Zealanders in November.

Formbook, Emotet, and Trickbot take the top three spots in November's list from the Check Point Software threat intelligence arm. The company says it's no surprise that Emotet has taken second place, as Check Point Research recently revealed new Emotet samples were spreading through Trickbot.

The top 10 malware in New Zealand for November are:

Formbook 1.36% (percentage of New Zealand cyber incident cases impacted by this specific malware): First detected in 2016, FormBook is an InfoStealer targeting the Windows OS. It is marketed as MaaS in underground hacking forums for its strong evasion techniques and relatively low price.

Emotet (1.36%): An advanced, self-propagating and modular Trojan that was once used as a banking Trojan and currently distributes other malware or malicious campaigns.

Trickbot (1.02%): Trickbot is a modular Botnet and Banking Trojan that targets the Windows platform, primarily delivered via spam campaigns or other malware families such as Emotet. Trickbot sends information about the infected system and can also download and execute arbitrary modules from an extensive array of available modules: from a VNC module for remote control to an SMB module for spreading within a compromised network.

Remcos (0.68%): Remcos is a RAT that first appeared in the wild in 2016. Remcos distributes itself through malicious Microsoft Office documents attached to SPAM emails designed to bypass Microsoft Windows UAC security and execute malware with high-level privileges.

AsyncRat (0.68%): Asyncrat is a Trojan that targets the Windows platform. This malware sends system information about the targeted system to a remote server. It receives commands from the server to download and execute plugins, kill processes, uninstall/update itself, and capture screenshots of the infected system.

XMRig (0.34%): First seen in the wild in May 2017, XMRig is an open source CPU mining software used to mine Monero cryptocurrency.

Panda (0.34%): Panda is a Zeus variant first observed in the wild at the beginning of 2016 and distributed via Exploit Kits. Since its initial appearance, Panda has targeted financial services in Europe and North America. Before the Olympic Games of 2016, it also ran a special campaign against Brazilian banks.

LockBit (0.34%): LockBit is a Ransomware-as-a-Service (RaaS) first launched in September 2019 and updated and improved in June 2021. It is used for targeted attacks against organisations and blocks user access to computer systems by encrypting in exchange for a ransom payment.

Kryptik (0.34%): Kryptik is a Trojan that targets the Windows platform. It collects system information and sends it out to a remote server. It may download and execute additional malicious files on an infected system.

Icedid (0.34%): IcedID is a banking Trojan which first emerged in September 2017. It usually uses other well-known banking Trojans, including Emotet, Ursnif and Trickbot, to help it spread.

Malware families Glupteba, GhOst, FluBot and Barys were also tied in tenth place, each impacting 0.34% of New Zealand cyber incident cases in November.