The Dridex trojan is the most prevalent malware for the second month running, according to Check Point Research.
The trojan is often used in the initial stages of ransomware attacks.
Check Point Research (CPR) has published its latest Global Threat Index for April 2021. Researchers report that, for the first time, AgentTesla has ranked second in the Index.
This month Dridex, a Trojan that targets the Windows platform, spread through a QuickBooks-themed malspam campaign. The phishing emails used QuickBooks branding and tried to lure recipients with fake payment notifications and invoices; the message body asked them to download a malicious Microsoft Excel attachment, which could infect the system with Dridex.
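The campaign above combines a brand lure (QuickBooks payment or invoice wording) with an Excel attachment. As an added example that is not CPR's code or part of the original report, the triage below parses a message, checks the sender domain against the brand being impersonated, and inspects Excel attachments for macro containers. The sample message, the attachment bytes and the sender domain are constructed here; the lure terms, the list of domains treated as legitimate QuickBooks senders, and the use of macro containers as the attachment indicator are assumptions (the page does not say what the Excel file did once opened).

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr
from typing import Optional

# Excel attachment types worth inspecting when they arrive in an invoice-themed email.
OFFICE_EXTENSIONS = (".xls", ".xlsx", ".xlsm", ".xlsb", ".xlam")
# Magic bytes of the legacy OLE2 container used by .xls workbooks.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Lure vocabulary taken from the campaign description: QuickBooks branding plus
# payment/invoice wording.
LURE_TERMS = ("quickbooks", "invoice", "payment")
# Assumption: genuine QuickBooks notifications come from Intuit-controlled domains.
LEGIT_SENDER_DOMAINS = ("intuit.com", "quickbooks.com")


def build_fake_xlsm() -> bytes:
    """Constructed sample: a minimal OOXML workbook that carries a vbaProject.bin
    part (the VBA macro container in .xlsm files). It holds no real code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/workbook.xml", "<workbook/>")
        z.writestr("xl/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


def build_sample_message(attachment: bytes) -> bytes:
    """Constructed sample malspam: a QuickBooks-branded payment notice sent from
    an unrelated (hypothetical) domain with an Excel attachment."""
    msg = EmailMessage()
    msg["From"] = "QuickBooks Billing <billing@example-notices.net>"
    msg["To"] = "accounts@victim.example"
    msg["Subject"] = "Payment notification - Invoice #10427"
    msg.set_content(
        "Your QuickBooks invoice is ready. Open the attached Excel file "
        "to view the payment details."
    )
    msg.add_attachment(
        attachment,
        maintype="application",
        subtype="vnd.ms-excel.sheet.macroEnabled.12",
        filename="Invoice_10427.xlsm",
    )
    return msg.as_bytes()


def macro_indicator(data: bytes) -> Optional[str]:
    """Return a reason string if the workbook bytes may carry macros, else None."""
    if data.startswith(OLE_MAGIC):
        # Legacy .xls can hold VBA or Excel 4.0 macro sheets; flag for deeper analysis.
        return "legacy OLE workbook (may contain VBA or Excel 4.0 macros)"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                return "OOXML workbook with vbaProject.bin"
    return None


def triage_message(raw: bytes) -> dict:
    """Score one RFC 5322 message for the QuickBooks-invoice lure plus a
    macro-capable Excel attachment."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    lure_hits = [t for t in LURE_TERMS if t in text]

    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    brand_spoof = "quickbooks" in text and not sender_domain.endswith(LEGIT_SENDER_DOMAINS)

    attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(OFFICE_EXTENSIONS):
            attachments.append({"filename": name, "indicator": macro_indicator(part.get_content())})

    suspicious = brand_spoof and any(a["indicator"] for a in attachments)
    return {
        "sender_domain": sender_domain,
        "lure_hits": lure_hits,
        "brand_spoof": brand_spoof,
        "attachments": attachments,
        "verdict": "suspicious" if suspicious else "no match",
    }


if __name__ == "__main__":
    print(triage_message(build_sample_message(build_fake_xlsm())))
```

The verdict requires both signals together (brand text from a non-brand domain and a macro-capable workbook), so a legitimate invoice from the vendor's own domain or a plain spreadsheet from a customer does not trip it; a legacy `.xls` is only flagged for deeper inspection because its OLE container cannot be checked for macros without a dedicated parser.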
According to CPR, this malware is often used in the initial infection stage of ransomware operations, in which attackers encrypt an organisation's data and demand a ransom to decrypt it.
Increasingly, these hackers are using double extortion methods, where they will steal sensitive data from an organisation and threaten to release it publicly unless a payment is made.
CPR reported in March that ransomware attacks had increased by 57% at the beginning of 2021; the trend has continued, and the increase now stands at 107% compared with the equivalent period last year. Most recently, Colonial Pipeline, a major US fuel company, was the victim of such an attack, and in 2020 ransomware is estimated to have cost businesses worldwide around $20 billion, a figure nearly 75% higher than in 2019.
For the first time, AgentTesla ranked second in the top-malware list. AgentTesla is an advanced remote access Trojan (RAT) that has been active since 2014 and functions as a keylogger and password stealer. It can monitor and collect the victim's keyboard input and system clipboard, take screenshots, and exfiltrate credentials entered into a variety of software installed on the victim's machine (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client).
This month saw an increase in AgentTesla campaigns spread via malspam. The email content asks the recipient to download a file (of any file type) that could cause the…