Info-stealing malware accounted for the three most widespread variants in October, comprising nearly a fifth (16%) of global detections, according to Check Point.
The security vendor’s Global Threat Index for October 2022 is compiled from hundreds of millions of its own threat intelligence sensors, installed across customer networks, endpoints and mobile devices.
It revealed that AgentTesla was the most widespread malware, impacting 7% of organizations. The advanced RAT malware works as a keylogger and information stealer capable of collecting the victim’s keystrokes, taking screenshots and exfiltrating credentials, according to the company.
In second and third place on the top 10 were SnakeKeylogger (5%), a modular .NET keylogger and credential stealer first detected in November 2020, and info-stealer Lokibot (4%). The latter is distributed mainly by phishing emails and is used to steal data including email credentials and passwords to cryptocurrency wallets and FTP servers, the report claimed.
All three moved up in the top 10 list from the previous month, while the likes of prolific Trojan Emotet and info-stealer Formbook slumped.
“We saw a lot of change in the rankings this month, with a new set of malware families making up the big three. It is interesting that Lokibot has climbed back to the third spot so quickly, which shows an increasing trend towards phishing attacks,” explained Maya Horowitz, VP research at Check Point Software.
“As we head into November, which is a busy buying period, it is important that people remain vigilant and keep an eye out for suspicious emails that could be carrying malicious code. Be aware of signs such as an unfamiliar sender, request for personal information and links. If in doubt, visit websites directly and find the appropriate contact information from verified sources, and make sure you have malware protection installed.”
According to the report, the education sector remained the most attacked globally, followed by government/military and healthcare.