Cryptominers, worms, and malvertising took the other spots

Nov 15, 2018 21:48 GMT

A remote access Trojan (RAT) named FlawedAmmyy has recently entered the Global Threat Index’s Top 10 after Check Point's researchers discovered multiple campaigns distributing the RAT, with a massive surge during October 2018.

"Dubbed “FlawedAmmyy”, this type of attack allows attackers to remotely control the victim’s machine – gaining full access to the machine’s camera and microphone, collecting screen grabs, stealing credentials and sensitive files, and intrusively monitoring the victims’ actions," according to Check Point.

This is the first time a RAT has made it into Check Point's Global Threat Index Top 10, although only in the last spot, with cryptomining malware dominating the other threats in the ranking.

Coinhive still rules the rankings with an iron fist, accounting for a global impact of roughly 18%, while Cryptoloot managed to affect around 8% of all organizations which experienced a malware attack in the last few months.

Check Point also said that "While cryptominers remain the dominant threat, the number of malware families on the list that target user data may indicate that information such as login credentials, sensitive files, banking and payment information hasn’t lost any lucrative appeal to cyber criminals."

The Global Threat Index is dominated by cryptomining malware

The two cryptomining malware families at the top of the rankings are followed by Dorkbot, an IRC-based worm with remote code execution capabilities, and the Roughted malvertising malware used to deliver a wide range of payloads.

Furthermore, the Andromeda backdoor, which allows its masters to create powerful botnets, and the Jsecoin JavaScript-based miner take the fifth and sixth places.

The top of the threat index is closed out by the XMRig CPU-based Monero miner, the Ramnit banking Trojan used to exfiltrate all sorts of personal info and credentials, and the notorious Conficker worm with remote control and malware dropping abilities.

In tenth place is the RAT discussed at the beginning of this article, FlawedAmmyy, a malicious remote administration tool built as a Trojanized version of the legitimate zero-config remote desktop software Ammyy Admin.

"Triada, the modular backdoor for Android, has climbed to first place in the top mobile malware list. It replaces Android banking Trojan and info-stealer Lokibot, which has fallen to second place," also said Check Point. "Hiddad has returned to the list as this month’s third most prevalent mobile malware."
