View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 15, 2022updated 16 Sep 2022 4:32am

Info-stealing FormBook surpasses Emotet as most popular malware with cybercriminals

Targeting Windows machines, FormBook steals credentials and has been used in attacks on a variety of sectors.

By Claudia Glover

FormBook was the malware most used in online criminal activity last month, according to new research, knocking Emotet off top spot for the first time in nine months. The info-stealing software is available off the shelf for cybercriminals of any level as malware-as-a-service, and is known for its strong evasion techniques and relatively low price.

FormBook was the most popular malware used last month. (Photo by Tero Vesalainen/Shutterstock)

The malware targets Windows machines and, once deployed, “can harvest credentials, collect screenshots, monitor and log keystrokes as well as download and execute files according to its command and control (C&C) orders,” according to research from security vendor Check Point. FormBook has been growing in popularity since 2016. 

Other prevalent malware popular on dark web forums includes GuLoader, which has seen a sharp rise in activity propelling it into the fourth most widespread over August, according to Check Point. Initially only used to download one remote access trojan (RAT), it is now used in conjunction with infostealers like FormBook, Netwire, and Agent Tesla.

Agent Tesla was the most commonly used in cyberattacks on UK targets last month, the research says. Similar to FormBook in that it steals and transmits credentials, keyboard input and screenshots from a variety of apps installed on a victim’s machine, including the Google Chrome and Mozilla Firefox browsers and the Microsoft Outlook email client.

These malware strains are used to attack companies primarily in the sectors of education and research, government and military and healthcare, utilising widespread vulnerabilities like Log4J as their point of entry. “Apache Log4J remote code execution returns to first place as the most exploited vulnerability,” says the Check Point report. Log4J was used in 44% of attacks on organisations worldwide in August.

Use of mobile malware on the rise

In addition to remote access trojans and infostealers, the use of mobile malware is also growing, says Check Point. This month a mobile malware called AlienBot was most popular among online criminals, followed by Anubis and Joker.

AlienBot is a banking Trojan for Google’s Android operating system. Sold as malware-as-a-Service, it has many of the same capabilities as RATs, such as credential stealing and keystroke logging. However, since it was detected it has also developed audio recording and SMS harvesting capabilities.

Joker also has SMS harvesting capabilities. This malware can sign the victim up for paid premium services without the victim’s knowledge and is a signifier of how rapidly the malware landscape is changing, says Maya Horowitz, VP research at Check Point.

Content from our partners
The growing cybersecurity threats facing retailers
How to integrate security into IT operations
How Kodak evolved to tackle seismic changes in the print industry and embrace digital revolution

“The shifts that we see in this month’s index, from Emotet dropping from first to fifth place to Joker becoming the third most prevalent mobile malware, is reflective of how fast the threat landscape can change,” she says

Horowitz adds that this should act as a reminder to individuals and companies alike “of the importance of keeping up to date with the most recent threats as knowing how to protect yourself.”

She says: “Threat actors are constantly evolving and the emergence of FormBook shows that we can never be complacent about security and must adopt a holistic, prevent-first approach across networks, endpoints and the cloud.”

Tech Monitor is hosting the Tech Leaders Club on 15 September. Find out more on NSMG.live

Read more: WordPress vulnerability leads to 4.6 million attempted attacks

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED
THANK YOU