Botnet and banking trojan Trickbot remained at the top of the list of most prevalent malware affecting organizations worldwide during the past month, according to security researcher Check Point’s latest Global Threat Index. The list ranks 10 viruses that attacked companies during the period, stealing financial details, account credentials, personally identifiable information and more. Here’s the list of these 10 dangerous ‘viruses’ that hurt companies worldwide during this period:
1. Trickbot: Banking virus
Trickbot is a modular Botnet and Banking Trojan that is constantly updated by hackers with new capabilities and distribution vectors.
2. XMRig: Mines cryptocurrency
As the name suggests, XMRig is open-source CPU mining software used to mine the Monero cryptocurrency. It was first seen in the wild in May 2017.
3. Remcos: Spreads via malicious Microsoft Office documents
Remcos first appeared in the wild in 2016. Remcos distributes itself through malicious Microsoft Office documents, which are attached to spam emails, and is designed to bypass Microsoft Windows UAC security with high-level privileges.
4. Glupteba: Spreads through browser, router
Glupteba is a backdoor which has evolved into a botnet. It spreads through Bitcoin lists and has an integral browser stealer capability and a router exploiter.
5. Tofsee: Used for DDoS attacks, sending spam emails, mining cryptocurrencies
Tofsee too is a backdoor Trojan, operating since at least 2013. Tofsee is used to conduct DDoS attacks, send spam emails, mine cryptocurrencies, and more.
6. Ramnit: Steals banking credentials, FTP passwords
Ramnit is a banking Trojan that steals banking credentials, FTP passwords, session cookies and personal data.
7. Agent Tesla: Works as a keylogger and information stealer
Agent Tesla works as a keylogger and information stealer, which is capable of monitoring and collecting the victim’s keyboard input, system keyboard, taking screenshots, and exfiltrating credentials for a variety of software installed on a victim’s machine (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client).
8. Ursnif: Targets the Windows platform
Ursnif is a Trojan that targets the Windows platform. It steals information related to the Verifone Point-of-Sale (POS) payment software. It contacts a remote server to upload collected information and receive instructions.
9. Formbook: Steals credentials from web browsers and collects screenshots
Formbook is an info stealer that harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to its C&C orders.
10. NanoCore: Targets Windows devices
NanoCore is a Remote Access Trojan (RAT) that was first observed in the wild in 2013. It targets the Windows operating system. All versions feature base plugins and functionalities such as screen capture, cryptocurrency mining, remote control of the desktop and webcam session theft.