November 2023's Most Wanted Malware: New AsyncRAT Campaign Discovered while FakeUpdates Re-Entered the Top Ten after Brief Hiatus

Researchers reported on a new AsyncRAT campaign where malicious HTML files were being used to spread the stealthy malware.
Our latest Global Threat Index for November 2023 saw researchers discover an AsyncRAT campaign in which malicious HTML files were used to spread the covert malware.
AsyncRAT is a Remote Access Trojan known for its ability to remotely monitor and control computer systems without detection.
The malware, which came in sixth place on last month's top ten list, utilizes various file formats such as PowerShell and BAT to carry out process injection.
Meanwhile, the downloader FakeUpdates re-entered the top malware list after a two-month break.
Written in JavaScript, the malware distribution framework uses compromised websites to trick users into running fake browser updates.
The rise of the AsyncRAT campaign and the resurgence of FakeUpdates highlight a trend where attackers use deceptive simplicity to bypass traditional defenses.
Formbook was the most prevalent malware last month, impacting 3% of organizations worldwide, followed by FakeUpdates with a global impact of 2% and Remcos with a global impact of 1%.
Formbook - Formbook is an Infostealer targeting the Windows OS and was first detected in 2016.
It is marketed as Malware as a Service in underground hacking forums for its strong evasion techniques and relatively low FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its C&C.
FakeUpdates - FakeUpdates is a downloader written in JavaScript.
FakeUpdates has led to further compromise via many additional malware families, including GootLoader, Dridex, NetSupport, DoppelPaymer, and AZORult.
Remcos - Remcos distributes itself through malicious Microsoft Office documents attached to SPAM emails, and is designed to bypass Microsoft Windows UAC security and execute malware with high-level privileges.
Mirai - Mirai is an infamous Internet-of-Things malware that tracks vulnerable IoT devices, such as web cameras, modems and routers, and turns them into bots.
Zyxel ZyWALL Command Injection - A command injection vulnerability exists in Zyxel ZyWALL. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary OS commands on the affected system.
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access to the affected system.
MVPower CCTV DVR Remote Code Execution - A remote code execution vulnerability exists in MVPower CCTV DVR. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
PHPUnit Command Injection - A command injection vulnerability exists in PHPUnit.
Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary commands in the affected system.
OpenSSL TLS DTLS Heartbeat Information Disclosure - An information disclosure vulnerability exists in OpenSSL. The vulnerability, aka Heartbleed, is due to an error when handling TLS/DTLS heartbeat packets.
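The Heartbleed entry above names the cause (mishandled heartbeat packets) but not the check. As an added example, not code from the Check Point report or from OpenSSL, the validator below applies the bounds check the vulnerable code omitted: the declared payload length plus the 3-byte heartbeat header and the 16-byte minimum padding must fit inside the TLS record. The sample records are constructed for this example.

```python
import struct

# TLS record layer (RFC 5246) and heartbeat extension (RFC 6520) constants
CONTENT_TYPE_HEARTBEAT = 24
HB_REQUEST = 1
HB_RESPONSE = 2
HB_HEADER_LEN = 3      # type (1 byte) + payload_length (2 bytes)
HB_MIN_PADDING = 16    # RFC 6520 requires at least 16 bytes of padding


def check_heartbeat_record(record: bytes) -> str:
    """Classify one raw TLS record.

    Returns 'not-heartbeat', 'truncated', 'malformed-type',
    'malformed-length' (the Heartbleed pattern) or 'ok'.
    """
    if len(record) < 5:
        return "truncated"
    content_type, _major, _minor, rec_len = struct.unpack("!BBBH", record[:5])
    if content_type != CONTENT_TYPE_HEARTBEAT:
        return "not-heartbeat"
    body = record[5:5 + rec_len]
    if len(body) < rec_len or len(body) < HB_HEADER_LEN:
        return "truncated"
    hb_type, payload_len = struct.unpack("!BH", body[:HB_HEADER_LEN])
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return "malformed-type"
    # The missing check in vulnerable OpenSSL: a peer that trusted payload_len
    # here would copy payload_len bytes from a buffer that only holds rec_len.
    if HB_HEADER_LEN + payload_len + HB_MIN_PADDING > rec_len:
        return "malformed-length"
    return "ok"


# Constructed sample records (TLS 1.1 version bytes 03 02):
# a well-formed request carrying the 4-byte payload "ping" plus 16 padding bytes
OK_RECORD = bytes.fromhex("18 0302 0017 01 0004 70696e67" + "00" * 16)
# a 19-byte record whose heartbeat header claims a 65535-byte payload
BAD_RECORD = bytes.fromhex("18 0302 0013 01 ffff" + "00" * 16)
# an application-data record, which the check ignores
APP_RECORD = bytes.fromhex("17 0303 0005 0102030405")

if __name__ == "__main__":
    for name, rec in (("OK", OK_RECORD), ("BAD", BAD_RECORD), ("APP", APP_RECORD)):
        print(name, check_heartbeat_record(rec))
```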
Anubis - Anubis is a banking Trojan malware designed for Android mobile phones.


This Cyber News was published on blog.checkpoint.com. Publication date: Tue, 12 Dec 2023 16:13:05 +0000