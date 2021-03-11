



Trickbot malware is rising to fill the gap left by the removal of the Emotet botnet, and an increasing number of criminals are shifting to it to distribute malware attacks.

Emotet was the most prolific and dangerous malware botnet in the world before it was disrupted by an international law enforcement operation in January this year.

It first emerged as a banking trojan in 2014 and went on to become much more, establishing backdoors on compromised Windows machines and leasing them to other cybercriminal groups to carry out their own malware and ransomware campaigns.

The disruption of Emotet hit cybercriminals, but they quickly adapted, and Trickbot is now the most prevalent form of malware.

Trickbot offers many of the same features as Emotet, providing a way for cybercriminals to deliver additional malware to compromised machines. According to an analysis of malware campaigns by Check Point cybersecurity researchers, Trickbot is now the most commonly distributed malware in the world.

First distributed in 2016, Trickbot has long been among the most prevalent forms of malware, but the crackdown on Emotet has made it an even more popular method for criminals to widely distribute the cyberattack campaigns of their choice.

“As we suspect, there are many other things that continue to pose a high risk to networks around the world, even if the major threats are removed, so organizations need to implement a robust security system to prevent their networks from being compromised and to minimize risk,” said Maya Horowitz, director of threat intelligence and research at Check Point.

But Trickbot isn’t the only malware threat to organizations; other cybercrime campaigns are also helping to fill the gap left by Emotet’s disruption.

XMRig, an open source form of cryptocurrency mining malware, became the second most common malware family, as cybercriminals continue to exploit the processing power of compromised systems to generate Monero cryptocurrency for themselves.

The third most commonly distributed malware family in February was Qbot, a banking Trojan that has been around since 2008. Qbot is designed to steal bank account usernames and passwords by secretly recording keystrokes made by users, and it uses anti-debugging and anti-sandbox techniques to evade detection. Like Trickbot, Qbot is usually distributed via phishing emails.

Other banking Trojans and botnets that have become more prolific since the removal of Emotet include Formbook, Glupteba, and Ramnit.

One way organizations can help protect their networks from malware threats is to ensure that the latest security patches are applied as soon as they are released. This prevents cybercriminals from exploiting known vulnerabilities to execute malware on the network.

Also, because phishing remains such a common way to distribute cyberattacks, it’s important for organizations to take the time to educate their employees on how to detect potential threats.

“Comprehensive training for all employees is important so that they have the skills needed to identify the type of malicious email that spreads Trickbot and other malware,” Horowitz said.

