The Qbot Trojan overtook Emotet as the most prevalent malware found in the wild in December 2022, impacting 7% of organizations worldwide. Additionally, the Glupteba malware, a blockchain-enabled Trojan botnet, returned to the top 10 list for the first time since July 2022.
The findings come from Check Point Software Technologies, which published its Global Threat Index for December 2022 on Friday and shared it with Infosecurity via email.
“Although Google managed to cause major disruption to Glupteba operations in December 2021, it seems to have sprung back into action,” reads the report. “As a modular malware variant, [...] the botnet is often used as a downloader and dropper for other malware.”
Another piece of malware growing in adoption in December 2022 was the ad-distributing Android threat known as Hiddad, which entered the top-three mobile malware list for the first time in 2022, just before the end of the year.
“It repackages legitimate apps and then releases them to a third-party store,” Check Point wrote. “Its main function is to display ads, but it can also gain access to key security details built into the OS.”
In terms of industry, education/research remained the most attacked sector globally last month, followed by government/military and healthcare.
As for the most exploited vulnerabilities in December 2022, a web server flaw that exposed GitHub repository information was at the top of the list, followed by various vulnerabilities that leveraged a directory traversal flaw on different web servers (and that were number one in this list in November 2022).
According to Maya Horowitz, VP of research at Check Point Software, the overwhelming theme from the company’s latest research is how malware often masquerades as legitimate software to grant hackers backdoor access to devices without raising suspicion.
“That is why it is important to do your due diligence when downloading any software and applications or clicking on links, regardless of how genuine they look,” Horowitz added.
The latest Global Threat Index by Check Point Software is now available at this link for more information about the latest active threats in the wild.
The data comes days after security researcher Dominic Alvieri unveiled a new phishing campaign that relies on social media accounts and fake websites to pretend to sell the hacking tool, Flipper Zero.