The influence of mining malware declined by almost 70% during 2019

Check Point experts summed up the results of October 2019. According to them, cryptocurrency miners for the first time in two years have lost their leadership in the ranking of the most active malware. In general, the influence of mining malware decreased by almost 70% during 2019.

“In January and February 2018, this type of malware affected the activities of more than 50% of organizations worldwide. However, just a year later – in January 2019 – activity fell to 30%, and in October of this year, the actions of miners affected only 11% of companies in the world, – say Check Point experts.

As a result, the Emotet botnet became the most active malware in October 2019, though a month earlier held only the fifth position in the rating and affected 14% of organizations in the world. At the end of the month, the botnet was actively distributing Halloween spam. The subject of emails included congratulations (“Happy Halloween”) and invitations to the holiday (“Halloween Party Invitation”), while the messages contained a malicious file.

Read also: Attackers hacked Upbit cryptocurrency exchange and stole $ 48.5 million

In second place was XMRig, whose attacks accounted for 7% of companies in the world. Top-three dangerous malwares closed Trickbot with a coverage of 6%. As a result, the list of the most active malware in the world look as following:

1. Emotet is an advanced self-propagating modular Trojan. Emotet was once an ordinary banker, but has recently been used to spread other malware and campaigns. New functionality allows sending phishing emails containing malicious attachments or links.
2. XMRig is open source software first discovered in May 2017. Used to mine Monero cryptocurrency.
3. Trickbot is one of the dominant banking trojans, which is constantly updated with new features, functions and distribution vectors. Trickbot is a flexible and customizable malware that can spread through multi-purpose campaigns.

The list of the most active mobile threats in October 2019 has also changed. So, in October, the Guerrilla Trojan became the most common mobile threat, followed by Lotor and Android Bats in the ranking:

1. Guerilla – clicker for Android, which can interact with the managing server, download additional malicious plug-ins and aggressively wind up advertising clicks without the consent or knowledge of the user.
2. Lotoor is a program that exploits vulnerabilities in the Android operating system to gain privileged root access on hacked mobile devices.
3. AndroidBauts is an adware designed for Android users that steals IMEI, IMSI, GPS location and other device information and allows installing third-party applications on infected devices.