Emotet tops the top 10 malware in 2021

Any.Run, an interactive service for automated malware analysis, has compiled a list of the 10 most common threats loaded on this platform. At the top of the list is the banking Trojan Emotet.
The top-ranked malware is designed to steal all types of confidential information and bank details, and includes remote access tools used to control a compromised host.

No. 1 Emotet - 36,026 samples
The Trojan was first discovered in 2014 and was used to intercept data transmitted over secure connections. Recall that in September this year, Emotet returned to life after 4 months of inactivity. Operators sent emails containing malicious files and links to malicious downloads. The victims of the campaign were users speaking Polish and German.

No. 2 Agent Tesla - 10,324
AgentTesla is an advanced Remote Access Tool (RAT). The malware has been infecting computers since 2014, acting as a keylogger and password stealer.

No. 3 NanoCore - 6,527
NanoCore is the most popular of all RATs. Besides providing remote access to the victim host, it can also log keystrokes, spy on the user, execute files, capture video and audio, edit the registry, and control the mouse.

No. 4 LokiBot - 5,693
LokiBot appeared on underground forums as an information stealer and keylogger, but further development has added various features that allow it to evade detection and collect sensitive information.

No. 5 Ursnif - 4,185
Ursnif is commonly associated with data theft, but some variants come with components such as backdoors, spyware, or file injection. Security researchers have also linked the deployment of another malware, GandCrab, to this threat.

No. 6 FormBook - 3,548
The malware was designed to capture data typed on the keyboard in web forms. Its functions include collecting credentials from web browsers (cookies, passwords), taking screenshots, stealing clipboard contents, logging keystrokes, downloading and running executable files from a command and control server, and stealing passwords from email clients.

No. 7 HawkEye - 3,388
The keylogger intercepts keystrokes and can steal credentials from various applications and the clipboard.

No. 8 AZORult - 2,898
The main function of the malware is to collect and retrieve data from a compromised system, including passwords stored in browsers, email and FTP clients, as well as cookies, web forms, cryptocurrency wallets and correspondence in instant messengers.

No. 9 TrickBot - 2,510
Initially, TrickBot was used only in attacks against Australian users, but in April 2017 it began to be used in attacks on banks in the United States, Great Britain, Germany, Ireland, Canada, New Zealand, Switzerland and France. Typically, it spreads through Emotet and can download other malware onto the system (such as Ryuk ransomware).

No. 10 njRAT - 2,355
njRAT is based on .NET and allows attackers to take full control of the system. Previously, the Trojan was spread through spam messages containing advertisements for cheat codes and a license key generator for the game "Need for Speed: World". It has also been used in several malicious campaigns using OpenDocument Text (ODT) files.
 