Emotet gap is filled – onlinepc.ch


Thanks to the blow against the Emotet network, the associated malware is no longer virulent in Switzerland. However, cyber criminals quickly fill the vacancy with new banking Trojans, as Check Point’s Swiss malware top ten list shows.

The concerted, worldwide police action against the Emotet network on January 27th is having an effect: the notorious Trojan, which had been causing trouble on Swiss computers for over a year and was one of the most virulent malware programs, is history and no longer appears in the “Most Wanted” list from Check Point Software Technologies. With this malware “hit parade”, the cybersecurity specialist determines the types of malware that Check Point has found and filtered most frequently on corporate computers in Switzerland and around the world.

But the void left by Emotet is apparently quickly being filled by potential successors. For example, the Check Point virus hunters encountered the Qbot banking Trojan particularly frequently in Switzerland in February. This reached the top position in the malware “hit parade” with a spread rate of over seven percent.

Qbot, also known as Qakbot, is an online banking Trojan that has been observed since 2008. The main purpose of the malware was to steal the access data of bank customers and to record their input. Qbot also knows how to hide and trick anti-virus software: it uses anti-VM, anti-debugging and anti-sandbox techniques to make analysis and detection difficult.

Rapid expansion

In addition, Qbot is very “contagious” and is therefore spreading extremely quickly, explains Patrik Honegger from Check Point Switzerland to Computerworld. This is also the reason why the Trojan heads the top list in this country, while worldwide, at just under three percent, Qbot is not nearly as widespread as it is in Switzerland. If users are infected with Qbot, the malware reads out the entire mailbox, according to the security expert, and the hackers behind Qbot “arm” existing e-mail conversations. As a result, the infected e-mails are sent as a seemingly legitimate response to all participants in the original conversation. “As soon as a Swiss company becomes infected, the likelihood increases that more Swiss companies will also become infected,” says Honegger.


Globally, however, Trickbot is currently following in Emotet’s footsteps, as it tops the global malware hit list from Check Point. In Switzerland, the malware ranked 5th in February. Like Emotet, Trickbot was launched as an online banking Trojan. But since it is very modular, it can be used for all possible forms of attack.

Most Wanted Malware – February 2021

| Rank | Malware family | Type of malware | Distribution Switzerland | Global distribution |
|------|----------------|-----------------|--------------------------|---------------------|
| 1 | Qbot | Banking Trojan | 7.24% | 2.94% |
| 2 | CpuMiner-Multi | Cryptominer | 2.20% | 0.74% |
| 3 | DameWare | Remote Administration Tool | 1.89% | 0.04% |
| 4 | Formbook | Infostealer | 1.42% | 2.33% |
| 5 | Trickbot | Banking Trojan | 1.26% | 3.17% |
| 6 | Arkei | Trojan | 0.94% | 0.76% |
| 7 | SmokeLoader | Trojan | 0.79% | 0.32% |
| 7 | XMRig | Cryptominer | 0.79% | 3.08% |
| 7 | Mirai | IoT malware | 0.79% | 0.47% |
| 10 | Phorpiex | Botnet | 0.63% | 1.76% |
| 10 | RigEK | Exploit Collection | 0.63% | 1.46% |
| 10 | Netwire | Remote Administration Tool | 0.63% | 0.30% |
| 10 | Dridex | Banking Trojan | 0.63% | 1.59% |
