EXECUTIVE SUMMARY:

Discover 10 of the most dangerous malware threats and learn how to identify, prevent and defend against attacks. Malware-based attacks pose a significant risk to 80% of small-to-medium-sized businesses, while larger organizations are becoming increasingly vulnerable to dangerous and damaging incidents. Stay informed in order to safeguard your organization.

Types of malware and the threats they pose

Malware represents a tremendous cyber security threat across all environments and ecosystems. Any intrusive or destructive software program, especially one that compromises device functions, steals data, spies on users or generally causes chaos, constitutes malware.

Malware varieties include spyware, ransomware, adware, viruses, bots and botnets, rootkits, keyloggers and Trojan horses. In most cases, malware spreads via vulnerable software, file shares, websites, advertisements, email attachments or malicious links.

Insight into the most dangerous malware threats will help you protect your organization, avoid business disruption and losses, and improve the numbers in your security reporting.

Take a proactive approach and be prepared for the next wave of malicious activity. Watch out for these threats across 2023.

10 of the most dangerous malware threats

1. Mirai botnet. First seen in August of 2016, the Mirai botnet has been used to launch extensive DDoS attacks on websites, networks and other digital infrastructure. Mirai malware exploits vulnerabilities in internet-connected devices and then links the compromised devices together, forming a network of infected devices (a botnet). As part of the botnet, hijacked devices are then directed to carry out further cyber attacks.

Most recently, the Mirai botnet has been observed actively exploiting a TP-Link Archer A21 (AX1800) Wi-Fi router vulnerability. Exploit attempts in the wild were first detected by the Zero Day Initiative, starting last week. The recent botnet activity has largely affected Eastern European nations, although it is spreading worldwide.

2. Chameleon Android malware. This malware performs a variety of checks that enable it to deftly evade detection by cyber security software. Once it has established itself on a device, Chameleon asks the victim to grant it the Accessibility Services permission. That permission allows it to abuse other software on the device. Chameleon then grants itself further permissions and disables certain services.

Ultimately, Chameleon Android malware can steal user credentials through overlay injections, keylogging, cookie theft and interception of SMS messages on infected devices. The emergence of Chameleon Android malware highlights the growing magnitude and significance of malware risks in the mobile sphere.

3. Goldoson adware. Another form of mobile malware, Goldoson affects more than 60 popular apps. Over 100 million corresponding app downloads have been confirmed. Goldoson adware can operate in the background of a device and click on ads, generating financial gain through click fraud.

On devices running Android 6.0 or higher, users may be asked for access permissions that give the adware access to GPS data and to Wi-Fi and Bluetooth information about nearby devices.

Based on BSSID (Basic Service Set Identifier) and RSSI (Received Signal Strength Indicator) values, the app can discern a device's precise location, and can be more accurate than GPS, especially when it comes to indoor location assessment.

4. CV malware. Masquerading as Microsoft Word CV files, this malware can bypass more than 50 different antivirus applications. The individuals behind this malware may have reverse-engineered popular antivirus products to ensure that CV malware tools can escape detection.

As the name implies, CV malware is embedded in a fraudulent curriculum vitae (CV) file. The resume file carries the malware within it and delivers it to the victim's system when opened. On most occasions, these files look like any other Microsoft Word file.

To be clear, CV malware is both a general category of malware and a specific malware type. There are many different versions of this malware scheme, and there is also one that is specifically called CV malware. We suggest that you maintain vigilance in relation to CV malware in all its forms.
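The point of the CV malware scheme is that the attachment looks like a Word document but does not behave like one. A mail gateway or help desk can catch most of these lures before anyone opens them by judging the file by its bytes rather than its name. The following script is an added example written for this article, not code from the page or from any vendor; the file format checks it performs (OLE and ZIP magic bytes, the `word/vbaProject.bin` macro container in OOXML, double extensions) are well known, and the sample files it builds are constructed in memory purely for demonstration.

```python
import io
import zipfile
from dataclasses import dataclass, field
from typing import List

# Well-known container signatures; the bytes decide what a file is, not its name.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # legacy binary Office (.doc)
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML (.docx/.docm) is a ZIP
PE_MAGIC = b"MZ"                                  # Windows executable

RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta", ".lnk", ".pif"}


@dataclass
class Verdict:
    filename: str
    findings: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.findings)


def inspect_cv_attachment(filename: str, data: bytes) -> Verdict:
    """Flag a 'CV' attachment whose content does not match what its name promises."""
    v = Verdict(filename)
    parts = filename.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""

    # 1. "resume.docx.exe" is an executable wearing a document's name.
    if len(parts) > 2 and ext in RISKY_EXTENSIONS:
        v.findings.append(f"double extension ending in {ext}")
    elif ext in RISKY_EXTENSIONS:
        v.findings.append(f"executable extension {ext}")

    # 2. Compare the declared type with the container signature.
    if data.startswith(PE_MAGIC):
        v.findings.append("content is a Windows executable (MZ header)")
    elif data.startswith(OLE_MAGIC):
        if ext == ".docx":
            v.findings.append("named .docx but content is a legacy OLE .doc (can carry VBA macros)")
        else:
            v.findings.append("legacy OLE .doc container; macro content cannot be ruled out from the header")
    elif data.startswith(ZIP_MAGIC):
        # 3. A macro-enabled OOXML file ships its VBA in word/vbaProject.bin,
        #    even when it has been renamed to .docx to look harmless.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            v.findings.append("ZIP header but archive is corrupt")
            names = set()
        if "word/vbaProject.bin" in names:
            v.findings.append("OOXML document contains VBA macro project")
        if names and ext == ".docx" and "word/document.xml" not in names:
            v.findings.append("named .docx but archive has no word/document.xml")
    elif ext in {".doc", ".docx"}:
        v.findings.append(f"named {ext} but content is not an Office container")
    return v


def make_ooxml(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-shaped ZIP for the demo (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample attachments: a plain CV, a macro CV renamed to .docx,
    # and an executable with a double extension.
    samples = [
        ("jane_doe_cv.docx", make_ooxml(with_macro=False)),
        ("jane_doe_cv.docx", make_ooxml(with_macro=True)),
        ("resume.docx.exe", b"MZ\x90\x00" + b"\x00" * 60),
    ]
    for name, content in samples:
        verdict = inspect_cv_attachment(name, content)
        print(name, "->", verdict.findings or "clean")
```

The check deliberately reports a legacy binary `.doc` as a finding even when the name is honest: its macro status cannot be read from the header alone, and many organizations quarantine that format for review rather than parse the OLE streams at the gateway.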

5. Evil Extractor malware. This malware was initially developed by a company known as Kodex, which advertised it as an "educational tool." According to cyber security researchers, it typically masquerades as a legitimate file, but once loaded, it leverages PowerShell for malicious purposes.

True to its name, Evil Extractor’s malicious activities include extracting sensitive information from an endpoint, and sending it to a threat actor’s FTP server. Evil Extractor can also execute ransomware attacks, which result in demands of $1,000 in Bitcoin in exchange for a decryption key. “Otherwise, you cannot reach your files forever,” a message on the screen reads.
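The two behaviours described above, a PowerShell loader that hides its window and carries an encoded script, followed by PowerShell itself opening an outbound FTP connection, are the kind of sequence an endpoint detection rule can key on. The script below is an added illustration written for this article, not code from the page, from Kodex or from any security vendor. The log format (`timestamp key=value ...` lines with `process_create` and `network_connect` events) is an assumed, simplified shape constructed for the demo, and the sample events, hostnames and addresses are constructed as well.

```python
import base64
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Switches that, in combination, are typical of a hidden PowerShell loader.
SUSPICIOUS_SWITCHES = (
    re.compile(r"(^|\s)-(nop|noprofile)\b", re.I),
    re.compile(r"(^|\s)-(w|windowstyle)\s+hidden\b", re.I),
    re.compile(r"(^|\s)-(e|ec|enc|encodedcommand)\s+\S+", re.I),
)
ENC_ARG = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_line(line: str) -> Dict[str, object]:
    """Turn one 'ts key=value ...' line (assumed demo format) into a dict."""
    ts, _, rest = line.partition(" ")
    rec: Dict[str, object] = {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00"))}
    for m in KV.finditer(rest):
        rec[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(2)
    return rec


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """-EncodedCommand carries base64 of a UTF-16LE script; decode it so an analyst can read it."""
    m = ENC_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def detect(lines: List[str], window: timedelta = timedelta(minutes=10)) -> List[Dict[str, object]]:
    """Alert when a host runs a suspicious PowerShell loader and, within the window,
    PowerShell connects to an FTP control port (21)."""
    loaders = defaultdict(list)   # host -> [(ts, decoded or raw command line)]
    alerts: List[Dict[str, object]] = []
    for rec in map(parse_line, lines):
        host = rec.get("host")
        image = str(rec.get("image", "")).lower()
        if rec.get("event") == "process_create" and image.endswith("powershell.exe"):
            cmd = str(rec.get("cmdline", ""))
            hits = sum(1 for p in SUSPICIOUS_SWITCHES if p.search(cmd))
            if hits >= 2:
                loaders[host].append((rec["ts"], decode_encoded_command(cmd) or cmd))
        elif (rec.get("event") == "network_connect" and image.endswith("powershell.exe")
              and rec.get("dport") == "21"):
            for ts, script in loaders[host]:
                if timedelta(0) <= rec["ts"] - ts <= window:
                    alerts.append({"host": host, "dest": rec.get("dest"), "script": script})
                    break
    return alerts


def sample_log() -> List[str]:
    """Constructed sample events (not real telemetry); the encoded script is built here."""
    script = "Get-ChildItem $env:USERPROFILE\\Documents -Recurse | Out-File $env:TEMP\\list.txt"
    enc = base64.b64encode(script.encode("utf-16le")).decode()
    ps = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    return [
        f'2023-04-20T10:00:00Z host=WS01 event=process_create image={ps} cmdline="powershell.exe -nop -w hidden -enc {enc}"',
        "2023-04-20T10:02:30Z host=WS01 event=network_connect image=powershell.exe dest=198.51.100.7 dport=21",
        f'2023-04-20T10:03:00Z host=WS02 event=process_create image={ps} cmdline="powershell.exe -File C:\\scripts\\inventory.ps1"',
        "2023-04-20T10:04:00Z host=WS02 event=network_connect image=powershell.exe dest=198.51.100.7 dport=443",
        "2023-04-20T11:30:00Z host=WS03 event=network_connect image=powershell.exe dest=198.51.100.7 dport=21",
    ]


if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(f"{alert['host']}: PowerShell loader followed by FTP to {alert['dest']}")
        print("  decoded script:", alert["script"])
```

Requiring two of the three loader switches keeps routine administrative PowerShell (WS02 above) out of the alert, and the time window ties the FTP connection to the loader that preceded it rather than to any PowerShell activity on the host; the decoded script is attached so the analyst sees what was collected without having to decode the base64 by hand.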

6. LockBit ransomware. LockBit is listed among the most dangerous malware threats due to its highly advanced and sophisticated nature. What sets LockBit apart from other ransomware is its reliance on extortion tactics, its Ransomware-as-a-Service (RaaS) offerings, and the group's clear focus on industrial infrastructure operations. In 2022, LockBit emerged as the most prevalent and prolific ransomware group within the entire cyber crime ecosystem.

7. Rorschach ransomware. This malware threat has technically unique features, including the fastest ransomware encryption speed observed to date. According to Check Point cyber security researchers, Rorschach has imported features from leading strains of ransomware, such as LockBit v2.0, Babuk and Darkside. The malware not only boasts self-propagating capabilities, but it "raises the bar for ransom attacks."

8. Rhadamanthys infostealer. This malware may be distributed via Google ads that redirect victims to phishing web pages. The ads are aimed at individual online consumers. However, Rhadamanthys can also propagate via spam emails that include an attachment containing a malicious payload. This technique is used to target businesses.

As an infostealer, Rhadamanthys gathers up as much information from victims as possible, collecting usernames, RAM and CPU information, browsing history, cookies, auto-fill data, login credentials and more. Screenshots of the victim's machine are also taken. The information is then relayed to a command and control (C&C) server controlled by the attackers.

At a later point in time, attackers can use the information to commit identity theft, drain bank accounts or to engage in other nefarious activities.

9. Pipedream malware. Pipedream malware is the first ever cross-industry disruptive and destructive ICS/operational technology (OT) malware. The existence of the malware shows that adversarial capabilities have increased considerably. In addition to implementing common ICS/OT-specific protocols, Pipedream’s technical configuration is superior to that of earlier ICS malware.

Pipedream provides adversaries with a wide variety of options through which to map out and understand a target’s OT network infrastructure. It can also identify assets and processes. All of this information can inform future disruptive and destructive attacks, and could ultimately enable cyber attackers to create chaos on a large scale.

10. Artificial intelligence malware. Cyber attackers can now create AI-powered, situationally aware and highly evasive malware (and ransomware). Such software can analyze a system’s defense mechanisms and quickly copy typical communication patterns in order to evade detection.

Adjacent cyber threats are also causing concern, and business leaders must make an effort to stay informed about the latest AI-powered cyber threats, implementing security measures accordingly.

How to avoid malware

Get the best security. You deserve the best. Learn about a comprehensive threat prevention solution that offers increased visibility and expanded control over your security measures. You also need real-time shared threat intelligence to ensure that preventative actions can be pursued in a timely manner.