- The rise in teleworking created vulnerabilities more easily exploited by threat actors attacking commercial and government organizations.
- Because the pandemic has unfolded quickly and is widespread, organizations have scrambled to alter their existing cybersecurity measures to support a large-scale remote workforce.
- Remote workers may be easily victimized by malicious links in online forums, social media and compromised websites.
- Attackers are leveraging the widespread demand for information about the pandemic to lure victims in.
A campaign that used the Black Lives Matter (BLM) movement and the Trickbot malware to lure unsuspecting victims into opening a malicious email and attachment.

Valak infostealer
The Valak malware loader delivers the IcedID banking trojan, which is designed to steal banking credentials, credit cards and other financial information.

Vidar infostealer
Vidar can steal credit cards, usernames, passwords and files, take screenshots of a user’s desktop and steal wallets for cryptocurrencies.

Emotet
Proofpoint’s threat research team observed a malspam campaign delivering the Emotet banking trojan after a five-month hiatus by the threat actor. Emotet steals stored passwords, sensitive banking data and browser histories from victims’ computers.

Qakbot infostealer
Qakbot, aka Qbot, can steal a victim’s credentials, banking information and files. It has worm capabilities that allow it to spread itself to other systems on the same network.

MassLogger infostealer malspam
MassLogger is a relatively new infostealer written using .NET, a programming framework developed by Microsoft. It can log keystrokes and clipboard data, take screenshots and steal credentials from popular browsers.

njRAT malspam
njRAT malware, aka Bladabindi and Njw0rm, is a remote access trojan (RAT) and infostealer that can maintain persistence and operate undetected on victims’ machines while sending sensitive information back to its command and control (C&C) infrastructure.

Metamorfo banking trojan
Metamorfo is a banking trojan that attempts to steal sensitive financial information and exfiltrate it to a C&C server. It features a wide variety of evasive techniques to bypass security and deliver its payload undetected.

For a full list of malware Infoblox found in the quarter, click here.