Check Point experts have prepared the Global Threat Index report dedicated to the most active threats of August 2019. Analysts note the activity of the Echobot botnet, as well as the “return to life” of the Emotet botnet.
In the report, the research group warns of a new version of the botnet Mirai – Echobot, which began large-scale attacks on smart devices. Echobot appeared in May 2019, and has since “learned” to exploit more than 50 different vulnerabilities. Malvar is particularly active in exploiting the problems of Command Injection Over HTTP. Echobot attacks have already affected 34% of organizations around the world.
– comments Vasily Diaghilev, head of Check Point Software Technologies in Russia and the CIS.
As the researchers assumed, in August the infrastructure of another botnet, Emotet, was reactivated. The fact is that a couple of months ago, in June 2019, the number of malicious campaigns Emotet sharply decreased. The Check Point team then suggested that the botnet infrastructure could be shut down for maintenance and updates. We have already noted that the “vacation” of Emotet operators is not an unusual case. Botnets often take breaks in operation, updating the infrastructure, or while their operators are resting. For example, the famous Dridex botnet was shut down every year from mid-December to mid-January, during the winter holidays.
As a result, the top most active malawari in August 2019 looks as follows.
The most active miner in the world in August 2019:
- XMRig – open source software first discovered in May 2017. Used for mining of Monero cryptocurrency
- Jsecoin is a JavaScript miner that can run the miner directly in your browser in exchange for advertising, in-game currency and other incentives.
- Dorkbot is an IRC-based worm designed to run code remotely by its operator and to download additional malware to an infected system.
Most active mobile threats in August 2019:
- Lotoor is a program that exploits vulnerabilities in the Android operating system to gain privileged root access to hacked mobile devices
- AndroidBauts is an advertising malware that steals IMEI, IMSI, GPS data and other device information and allows you to install third-party applications on infected mobile devices.
- Triada is a modular backdoor that provides superuser privileges for downloaded malware and helps to integrate them into system processes. Triada has also been seen to be swapping URLs that are downloaded from the browser.