EXECUTIVE SUMMARY:

A remote access Trojan (RAT), called “FlawedAmmyy” has surprised researchers with a widespread campaign that pushed it to the Check Point Global Threat Index Top 10–the first time this type of attack has made the list.

Using the FlawedAmmyy RAT, attackers can remotely control victims’ machines. That control then gives them full access to a machine’s camera and microphone, and lets them collect screen grabs, steal credentials and sensitive files, and intrusively monitor victims’ actions.

While FlawedAmmyy is notable for making the list, the overall leader of the Top 10 list continues to be Coinhive, a cryptomining malware with a global impact of 18 percent.

Below are the current Top 10 ‘most wanted’ malware, according to the report:
Note: The arrows relate to the change in rank compared to the previous month.

  1. ↔ Coinhive – Cryptominer performs online mining of Monero cryptocurrency when a user visits a web page without the user’s knowledge or approval, and without sharing the profits with the user. The implanted JavaScript takes advantage of users’ computational resources to mine coins and can sometimes crash systems.
  2. ↑ Cryptoloot – Cryptominer uses the victim’s CPU or GPU power and existing resources for cryptomining. In the process, it adds transactions to the blockchain and releases new currency. Unlike Coinhive, it asks for a smaller percentage of revenue from websites.
  3.  Dorkbot- IRC-based Worm allows remote code execution by its operator, as well as the download of additional malware to the infected system.
  4. ↑ Roughted –Large-scale malvertising used to deliver various malicious websites and payloads such as scams, adware, exploit kits and ransomware. It can be used to attack any type of platform and operating system, and utilizes ad-blocker bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
  5. ↓ Andromeda – Modular bot is used mainly as a backdoor to deliver additional malware to infected hosts. It can be modified to create different types of botnets.
  6. ↓ Jsecoin – JavaScript miner can be embedded in websites. With JSEcoin, you can run the miner directly in your browser in exchange for an ad-free experience, in-game currency, and other incentives.
  7. ↑ XMRig- XMRig is an open-source CPU mining software used for the mining process of the Monero cryptocurrency, and first seen in the wild in May 2017.
  8. ↓ Ramnit- Banking Trojan steals banking credentials, FTP passwords, session cookies, and personal data.
  9. ↔ Conficker-Worm allows remote operations and malware download. The infected machine is controlled by a botnet, which contacts its Command & Control server to receive instructions.
  10. ↑ FlawedAmmyy RAT – Remote access Trojan (RAT) comes from the leaked source code of the remote administration software called ‘Ammyy Admin’. FlawedAmmyy has been used in both highly targeted email attacks and massive spam campaigns. It implements common back-door features,  lets the attackers manage files, capture the screen, remotely control the victim’s machine, and establish RDP SessionsService among other things.

Get the full story at the Check Point blog.