View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 3, 2018updated 21 Jul 2022 5:53am

Top 10 Malware Families in 2018: Botnet Analysis

njRAT, around since 2012, remains widespread, analysis by Kaspersky of 600,000 botnets shows

By CBR Staff Writer

Kaspersky Lab has found a growing demand for malware that is flexible enough to perform almost any task, while downloads of remote access trojan (RAT) families have also grown significantly in the first half of 2018.

In a botnet activity analysis of over 150 malware families and their modifications circulating through 600,000 botnets in H1 of 2018, Moscow-headquartered Kaspersky found versatile malware increasingly favoured by botnet customers.

remote access trojan

“A botnet built out of multipurpose malware can change its functions relatively quickly and shift from sending spam to DDoS or to the distribution of banking Trojans,” said Alexander Eremin at Kaspersky Lab.

He added: “While this ability in itself allows [a] botnet owner to switch between different ‘active’ malicious business models, it also opens an opportunity for a passive income: the owner can simply rent out their botnet to other criminals.”

Kaspersky Lab tracks the activity of botnets using a technology that emulates infected computers (bots) to retrieve operational data about the actions of botnet operators.

There is no shortage of infectious riches to distribute – the company identified 13,858 unique malicious file downloads in the first half of 2018. The table to the left shows the Top 10 malware types downloaded by botnets so far this year, according to Kaspersky.

Content from our partners
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business
When it comes to AI, remember not every problem is a nail

In terms of territorial distribution of control servers, the backdoor NjRAT claimed the “most international” prize, with C&C centers in 99 countries. Kaspersky ascribed the geographical scope to “the ease of configuring a personal backdoor, allowing anyone to create their own botnet with minimal knowledge of malware development.”

Remote Access Trojan Activity on the Rise

kaspersky botnets

See also: New Mirai Botnet Breed Taps Aboriginal Linux to Spawn Across Devices

The share of detected Trojans – responsible for the BackSwap banking malware increasingly used against financial institutions –  crept up overall from 32.89 percent to 34.25 percent. In comparison, the share of single-purpose malware distributed through botnets dropped. Spamming bots, for example, fell from 18.93 percent in H2 2017 to 12.23 percent in H1 2018.

Some 22.46 percent of all unique malicious files distributed through Kaspersky Lab were banking Trojans; this compared to 13.25 percent in H1 2018. DDoS bots also dropped, from 2.66 percent in H2 2017 to 1.99 percent in H1 2018.

Kaspersky added that the only type of single-purpose malware to demonstrate significant growth were miners.

Last month, Kaspersky reported that mobile banking Trojans reached an all-time high in the second quarter of 2018, peaking at over 61,000 — a three-fold growth over Q1 2018. Mobile malware such as Trojans are being disguised as apps, and are overlaying interfaces on top of a banking app’s interface to steal information, Kaspersky said.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.