Fast-spreading malware steals usernames, passwords and browser history


If you’ve been following cybersecurity trends, you’ll already know that the past several months have been a boom time for scammers and hackers. New malware strains and phishing campaigns are appearing constantly, and nothing suggests the trend will slow down anytime soon.

Why the sudden spike in malicious cyber activity? The COVID-19 pandemic has pushed people off the streets and into their homes, where they are spending more time online than ever, and attackers go where the audience is. Tap or click here to see how hackers are spreading Trojans through Google searches.

To help turn the tide in the war on cybercrime, a list of the “most wanted” malware circulating the web has been published. Each of these programs is nasty in its own way, but one of them is a potent botnet that can capture your PC and turn it into a malware-peddling zombie. Here’s how it works, and what you need to look out for.

Botnets and ransomware lead the ‘most wanted malware’ list

Check Point published a new list of the most common threats targeting internet users this summer. In June’s Most Wanted Malware report, several big names could be seen, as well as a massive spike in attacks coming from the infamous Phorpiex botnet.

What’s a botnet, you ask? Think of it as a swarm of infected computers controlled from one central command-and-control (C2) server. If your machine is part of a botnet, the operator can tell it what to do, which usually means sending spam, serving ads or pushing more malware to other computers.

The fact that so many nodes exist in a botnet can make it hard to get rid of – like a hydra that keeps sprouting new heads. The Phorpiex botnet, in particular, is now so common that Check Point ranked it as the number two threat to watch out for in June. That means it was the second most commonly detected malware family hitting organizations that month.

Phorpiex works mostly like a typical spam botnet, but it has a ransomware twist that makes it much more dangerous. Instead of using your system only to spam ads at other people, it downloads a ransomware payload to the infected machine and uses that machine to send the payload on in spam emails to other addresses. Essentially, your computer is conscripted into the ransomware’s distribution chain.

In addition to Phorpiex, here is the complete list of June’s Most Wanted Malware:

  1. Agent Tesla – Agent Tesla has an appropriate name, as it spies on your system like a secret agent. Features include an advanced keylogger that records what you type, a screenshot tool and a clipboard skimmer that steals what you copy and paste. Tap or click here to see why clipboard skimming is a huge security flaw.
  2. Phorpiex
  3. XMRig – XMRig is not a botnet but an open-source cryptocurrency miner. Attackers plant it on compromised systems so that your CPU mines Monero for the hacker behind it, at the cost of your electricity and performance.
  4. Dridex – Dridex is a banking Trojan that spreads through spam email attachments. Once installed, it connects your computer to a remote command-and-control server, from which the operators can steal banking credentials and drop additional malware.
  5. Trickbot – One of the most common banking Trojans in the world, and for good reason. It’s incredibly robust and modular, and it integrates easily into many kinds of campaigns. Tap or click here to see how malicious spreadsheets are being used to distribute Trickbot.
  6. Ramnit – Ramnit is a banking Trojan that steals login credentials, session cookies, FTP passwords and other bits of personal data.
  7. Emotet – Emotet began as a banking Trojan that scanned for account details it could use to steal money. Today it is mainly a self-propagating loader that rents access to other criminal groups, and its advanced distribution methods let it copy itself across networks while evading detection.
  8. Glupteba – Glupteba began as a backdoor and has evolved into a full-fledged botnet over time. It fetches updated command-and-control addresses from the Bitcoin blockchain, steals browser data and can exploit home routers.
  9. Formbook – Formbook is an information stealer that logs keystrokes, grabs screenshots and harvests credentials saved in web browsers and other software. It sends this data back to a central control server where it can be used or sold.
  10. NetwiredRC – This backdoor can harvest saved passwords from browsers, email clients and Windows itself, and it is typically delivered by tricking users into opening malicious attachments.

What can I do to avoid all these malware programs?

Looking at the list above, you can see how many of these programs rely on spam email campaigns to reach more systems. If you couldn’t already guess, malicious email attachments are to blame for most of these infections.

It’s a common vector because it works, and many people won’t think twice before opening an attachment. And since many of these campaigns are run from botnets of compromised machines, a malicious email can arrive from the real account of someone you trust, so you may not realize you’ve been duped until it’s too late.

To stay safe, open only attachments you know you’re expecting. If a colleague must send you a file by email, confirm it through a second channel (a phone call or chat message) before opening it. A familiar-looking file name proves nothing; attackers pick names like “invoice.pdf” precisely because they look harmless, and a file called “invoice.pdf.exe” is a program, not a document. Anything unexpected, ignore and delete.
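The advice above can be turned into an automated triage step. The following script is an added example, not code from the original article or from Check Point: it parses a raw email with Python’s standard library, walks the MIME parts and flags the attachment patterns malspam relies on (executable and script extensions, double extensions such as “invoice.pdf.exe”, macro-enabled Office documents, archives, and a Content-Type that does not match the file name). The extension lists and the sample message are this example’s own assumptions.

```python
"""Triage e-mail attachments before anyone opens them.

Added example, not from the original article. Parses an RFC 822 message
with the standard library, walks its MIME parts and reports why each
attachment looks dangerous. Extension sets below are this example's own
choices, not a published list.
"""
import email
from email import policy
from email.message import EmailMessage

EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "msi", "dll",
                   "js", "jse", "vbs", "vbe", "wsf", "hta", "ps1", "lnk", "jar"}
MACRO_EXTS = {"docm", "xlsm", "pptm", "dotm", "xlam"}
LEGACY_OFFICE_EXTS = {"doc", "xls", "ppt"}          # old formats can carry VBA macros
ARCHIVE_EXTS = {"zip", "rar", "7z", "iso", "img", "ace"}
DOCUMENT_LOOKALIKES = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def classify_filename(name):
    """Return the reasons a file name looks dangerous (empty list = no finding)."""
    reasons = []
    parts = name.lower().split(".")
    if len(parts) < 2:
        return ["no extension"]
    ext = parts[-1]
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable/script extension .{ext}")
    if ext in MACRO_EXTS:
        reasons.append(f"macro-enabled Office document .{ext}")
    if ext in LEGACY_OFFICE_EXTS:
        reasons.append(f"legacy Office format .{ext} (may contain VBA macros)")
    if ext in ARCHIVE_EXTS:
        reasons.append(f"archive .{ext} (contents not inspected; may hide executables)")
    # "report.pdf.exe": a document-looking inner extension hiding a dangerous outer one
    if len(parts) >= 3 and parts[-2] in DOCUMENT_LOOKALIKES and ext not in DOCUMENT_LOOKALIKES:
        reasons.append("double extension disguised as a document")
    return reasons


def triage_message(raw_bytes):
    """Parse a raw message; return [(filename, [reasons]), ...] for every attachment."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        reasons = classify_filename(name)
        # A part that claims to be a PDF but is not named .pdf is lying about itself.
        ctype = part.get_content_type()
        if ctype == "application/pdf" and not name.lower().endswith(".pdf"):
            reasons.append(f"Content-Type {ctype} does not match filename")
        findings.append((name, reasons))
    return findings


def build_sample_message():
    """Constructed sample malspam-style message (test data, not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "victim@example.com"
    msg["Subject"] = "Invoice overdue"
    msg.set_content("Please see the attached invoice.")
    # A PE header disguised as a PDF with a double extension (constructed bytes).
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="pdf",
                       filename="invoice_2020_06.pdf.exe")
    msg.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip",
                       filename="statement.zip")
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf",
                       filename="receipt.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reasons in triage_message(build_sample_message()):
        verdict = "BLOCK" if reasons else "ok"
        print(f"{verdict:5} {filename}")
        for r in reasons:
            print(f"      - {r}")
```

Run it on a saved `.eml` by replacing `build_sample_message()` with the file’s bytes. Note what it does not do: it never opens archives or inspects file contents, so a clean-looking `.zip` or a genuine `.pdf` carrying an exploit passes; this is a first filter for the obvious cases the article describes, not a substitute for a sandbox.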

And because some of these programs deliver ransomware in one form or another, backing up your computer has never been more critical. A backup that stays connected to your PC can be encrypted right along with it, so keep a copy somewhere separate (cloud or an offline drive) and, if possible, one that keeps older versions, so an encrypted copy cannot overwrite the good one. Without that, your crucial files may be lost as soon as the infection takes root.

IDrive is the easiest secure cloud backup solution. Plans start at less than $7 a month and you can save even more with this special offer. Get 90% off 5TB of cloud backup at IDrive.com when you use promo code Kim at checkout. 

If this is what June’s threat ecosystem looked like, how bad will July be? Only time will tell, but in the meantime, continue to exercise caution when checking your email. Unlike with the mailbox in front of your home, danger could be lurking behind every single email’s subject line.

Tags: botnet, cloud backup, cybercrime, cybersecurity, Google, hackers, malware, phishing, phishing campaigns, ransomware, security