View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 3, 2018updated 21 Jul 2022 5:53am

Top 10 Malware Families in 2018: Botnet Analysis

njRAT, around since 2012, remains widespread, analysis by Kaspersky of 600,000 botnets shows

By CBR Staff Writer

Kaspersky Lab has found a growing demand for malware that is flexible enough to perform almost any task, while downloads of remote access trojan (RAT) families have also grown significantly in the first half of 2018.

In a botnet activity analysis of over 150 malware families and their modifications circulating through 600,000 botnets in H1 of 2018, Moscow-headquartered Kaspersky found versatile malware increasingly favoured by botnet customers.

remote access trojan

“A botnet built out of multipurpose malware can change its functions relatively quickly and shift from sending spam to DDoS or to the distribution of banking Trojans,” said Alexander Eremin at Kaspersky Lab.

He added: “While this ability in itself allows [a] botnet owner to switch between different ‘active’ malicious business models, it also opens an opportunity for a passive income: the owner can simply rent out their botnet to other criminals.”

Kaspersky Lab tracks the activity of botnets using a technology that emulates infected computers (bots) to retrieve operational data about the actions of botnet operators.

There is no shortage of infectious riches to distribute – the company identified 13,858 unique malicious file downloads in the first half of 2018. The table to the left shows the Top 10 malware types downloaded by botnets so far this year, according to Kaspersky.

In terms of territorial distribution of control servers, the backdoor NjRAT claimed the “most international” prize, with C&C centers in 99 countries. Kaspersky ascribed the geographical scope to “the ease of configuring a personal backdoor, allowing anyone to create their own botnet with minimal knowledge of malware development.”

Content from our partners
Unlocking the value of artificial intelligence and machine learning
Behind the priorities of tech and cybersecurity leaders
Corporate ransomware attacks: It’s only a matter of when, not if

Remote Access Trojan Activity on the Rise

kaspersky botnets

See also: New Mirai Botnet Breed Taps Aboriginal Linux to Spawn Across Devices

The share of detected Trojans – responsible for the BackSwap banking malware increasingly used against financial institutions –  crept up overall from 32.89 percent to 34.25 percent. In comparison, the share of single-purpose malware distributed through botnets dropped. Spamming bots, for example, fell from 18.93 percent in H2 2017 to 12.23 percent in H1 2018.

Some 22.46 percent of all unique malicious files distributed through Kaspersky Lab were banking Trojans; this compared to 13.25 percent in H1 2018. DDoS bots also dropped, from 2.66 percent in H2 2017 to 1.99 percent in H1 2018.

Kaspersky added that the only type of single-purpose malware to demonstrate significant growth were miners.

Last month, Kaspersky reported that mobile banking Trojans reached an all-time high in the second quarter of 2018, peaking at over 61,000 — a three-fold growth over Q1 2018. Mobile malware such as Trojans are being disguised as apps, and are overlaying interfaces on top of a banking app’s interface to steal information, Kaspersky said.

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy