Cybercriminals exploit coronavirus fears to spread malware

January's Global Threat Index from Check Point Research shows that Emotet remains the top threat for the fourth month in a row. But it’s now being spread by a spam campaign exploiting people's worries about the coronavirus.

The emails appear to be reporting where Coronavirus is spreading, or offering more information about the virus, encouraging the victim to open the attachments or click the links which, if opened, attempt to download Emotet on their computer. Emotet is primarily used as a distributor of ransomware or other malicious campaigns.

January also has also seen an increase in attempts to exploit the 'MVPower DVR Remote Code Execution' vulnerability, impacting 45 percent of organizations globally. This rose from being the third most exploited vulnerability in December to the top position in January. If successfully exploited, a remote attacker can use this weakness to execute arbitrary code on the targeted machine.

"As with last month, the 'most wanted' malicious threats impacting organizations continue to be versatile malware such as Emotet, XMRig and Trickbot, which collectively hit over 30 percent of organizations worldwide," says Maya Horowitz, director, threat intelligence and research, products at Check Point. "Businesses need to ensure their employees are educated about how to identify the types of topical spam emails that are typically used to propagate these threats, and deploy security that actively prevents these threats from infecting their networks and leading to ransomware attacks or data exfiltration."

First place in mobile malware is retained by xHelper. This is a malicious application seen in the wild since March 2019, used for downloading other malicious apps and displaying adverts. The application is capable of hiding itself from the user, and reinstalling itself if it is uninstalled.

You can see the complete top 10 malware list on the Check Point blog.

Image credit: loriklaszlo/depositphotos.com