Check Point experts have prepared a monthly report on the most active threats, the Global Threat Index, for September 2020. According to the researchers, the updated version of Valak malware, which transfers information from mail systems, entered the top of the most common malware of the month for the first time, ranking ninth in it.Valak was first discovered at the end of 2019 and is currently a very complex threat. So, if earlier Valak was classified as a common malware downloader, in recent months have appeared new variations with significant functional changes. They allowed Valak to become a full-fledged info-stealer capable of attacking both individual users and organizations.
The researchers warn that the new version of Valak is capable of stealing information from Microsoft Exchange mail systems, such as user credentials and domain certificates.
According to the company, in September 2020, Valak was actively spreading through a spam group containing .doc files.
“Valak’s new campaigns are another example of attackers seeking to maximize their investment in well-known, proven forms of malware. Together with the updated versions of Qbot, which appeared in August, Valak is targeting large-scale data theft of both organizations and individuals”, — said representatives of Check Point Software Technologies.
Check Point recommends that companies think ahead about implementing of antimalware protection. Prevention of such content from reaching end users is possible by asking employees to be extremely careful when opening emails, even if they appear to come from a trusted source.
Let me remind you about a previously unknown malicious script that steals bank card data from online stores. A malicious program called Pipka has a unique ability – it can remove itself from an infected site.
Overall, in September 2020, top of the most aggressive threats in the world looked as the as following:
- Emotet is an advanced self-spreading modular Trojan. Was once an ordinary banker, but has recently been used to distribute malware and campaigns. New functionality allows sending phishing emails containing attachments or links.
- Trickbot is one of the dominant banking Trojans, which is constantly being supplemented with new functions and distribution vectors. Trickbot is flexible and customizable malware that can be distributed through multipurpose campaigns.
- Dridex is a banking Trojan that infects Windows operating systems. Dridex spreads using spam mailings and exploit kits that WebInjects use to intercept data as well as bank customer data.
It is also noted that the Qbot Trojan, which first entered this list this year, was again widely exploited in September, moving up from tenth place to sixth.