Emotet retains hold as most prevalent malware

Notorious botnet Emotet has held on to its spot as the most widely used malware, according to the latest Global Threat Index from Check Point Research (CPR).

The news comes despite a 50% drop in its global impact in July compared to June. CPR estimates that it affects 7% of organisations worldwide.

In addition, CPR warned that the botnet has gained new features and capabilities, such as a newly developed credit card stealer module and adjustments to its spreading systems.

Emotet’s popularity comes in spite of its previous ‘deletion’ from the internet. As part of a major police operation at the start of 2021, infrastructure used to deliver the botnet was seized and people accused of being behind it were arrested.

This led to an update being delivered to all infected machines to disable Emotet, and its control servers were terminated.

Authorities hoped that this would lead to the death of one of the world's most prolific botnets, estimated to be operating on around one million devices worldwide.

However, it has resurged and regained its position as the top malware threat.

Beyond Emotet, CPR identified several other movements in the global malware ecosystem in July.

Formbook is the second most prevalent form of malware, affecting 3% of organisations worldwide. First detected in 2016, this infostealer targets Windows OS where it harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files.


Snake Keylogger, a credential stealer, fell from third to eighth place. The month before, it was being spread via malicious Word documents, so the decrease in its prevalence could be due in part to Microsoft’s recent confirmation that it will block macros by default.

Replacing it in third place is XMRig, open-source CPU software used to mine cryptocurrency. This indicates that cybercriminals are fundamentally ‘in it for the money’ despite any higher motivations they may claim, such as hacktivism.

Malibot, which was new to CPR’s report last month, remains a threat to users of mobile banking as it is still the third most prevalent mobile…