Emotet Tops List of July’s Most Widely Used Malware

  • Emotet was the most widely used malware in the wild in July, followed by Formbook and XMRig, a new report by Check Point Research (CPR) suggests.

    In June 2022 CPR reported that Emotet had a global impact of 14%. July saw a 50% reduction in Emotet’s global impact, down to 7%, but despite this the malware remains in the top spot.

    “Emotet continues to dominate our monthly top malware charts,” explained Maya Horowitz, VP of research at CPR.

    “This botnet continually evolves to maintain its persistence and evasion. Its latest developments include a credit card stealer module, meaning that enterprises and individuals must take extra care when making any online purchases.”

    Additionally, CPR mentioned Formbook, an Infostealer targeting the Windows OS, as the second most wanted malware in July.

    From a technical standpoint, FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its command-and-control (C&C) server.

    The third most wanted software on CPR’s list for July is XMRig, an open-source CPU mining software used to mine Monero cryptocurrency. Threat actors often exploit this open-source software by integrating it into their malware to conduct illegal mining on victims’ devices.

    XMRig replaced Snake Keylogger as the third most wanted malware. The credential stealer consequently fell from third to eighth place.

    In June, CPR observed Snake Keylogger spreading via malicious Word documents so the decrease in its deployment could be connected to Microsoft’s recent confirmation that it will block macros by default.

    “With Microsoft now confirming that it will block macros by default, we await to see how malware, such as Snake Keylogger, may change their tactics,” Horowitz said.

    CPR also revealed that “Web Server Exposed Git Repository Information Disclosure” was the most commonly exploited vulnerability in July, impacting 42% of organizations worldwide.

    “Apache Log4j Remote Code Execution” followed closely, with an impact of 41%, and “Web Servers Malicious URL Directory Traversal” too, with a global impact of 39%.

    The complete list of the top ten malware families in July, alongside technical details about each of them, can be found on the Check Point blog.