FormBook Knocks Off Emotet As Most Used Malware in August

    FormBook is now the most prevalent malware found in the wild, dethroning Emotet, which had held that position since its reappearance in January.

    An info stealer targeting Windows OS, FormBook can harvest credentials, collect screenshots, and monitor and log keystrokes. It can also download and execute files on orders from its command and control (C&C) server. It features robust evasion techniques and comes at a relatively low price.

    The data comes from the latest Most Wanted Malware report by cybersecurity company Check Point Research (CPR), which also suggested the Android spyware Joker took third place in the mobile index and the Apache Log4j Remote Code Execution returned to first place as the most exploited vulnerability.

    Once installed, Joker can steal SMS messages and access contact lists and device information. It is also capable of signing the victim up for paid premium services without their consent. According to CPR, its rise can partially be explained by an uplift in campaigns as the malware was recently spotted in some malicious Google Play Store applications.

    “The shifts that we see in this month’s index, from Emotet dropping from first to fifth place to Joker becoming the third most prevalent mobile malware, are reflective of how fast the threat landscape can change,” said Maya Horowitz, VP of research at CPR.

    According to the executive, the figures should remind individuals and companies of the importance of keeping up to date with recent threats in order to know how to protect their systems from malware.

    “Threat actors are constantly evolving, and the emergence of FormBook shows that we can never be complacent about security and must adopt a holistic, prevent-first approach across networks, endpoints and the cloud.”

    Among its additional findings, the CPR report suggested that education/research remains the sector most targeted by cyber-criminals globally, followed by government/military and healthcare.

    CPR’s latest Global Threat Index has more numbers and figures about the most widespread malware in August.