Check Point Software Technologies, a leading cybersecurity platform provider of AI-powered cloud solutions, has released its Global Threat Index for August 2024. The index shows that ransomware remains a dominant force, with RansomHub holding its position as the top ransomware group. This Ransomware-as-a-Service (RaaS) operation has grown rapidly since rebranding from Knight ransomware, breaching more than 210 victims worldwide. Meanwhile, the Meow ransomware has emerged, moving from encryption to selling stolen data.
Last month, RansomHub cemented its position as the number one ransomware threat, as detailed in a joint report by the FBI, CISA, MS-ISAC and HHS. This RaaS operation targets Windows, macOS, Linux and especially VMware ESXi environments, using sophisticated encryption techniques.
August also saw the rise of the Meow ransomware, which secured second place on the ransomware list for the first time. Derived from a variant of the Conti ransomware, Meow has shifted its focus from encryption to data extraction, turning its extortion site into a data leak marketplace. In this model, stolen data is sold to the highest bidder, deviating from traditional ransomware extortion tactics.
“RansomHub’s emergence in August as the top ransomware threat highlights the growing sophistication of Ransomware-as-a-Service operations,” said Maya Horowitz, VP of Research at Check Point Software. “Organizations need to be more vigilant now than ever. The rise of the Meow ransomware highlights the shift to data leakage markets, signaling a new method of profit for ransomware operators, where stolen data are increasingly being sold to third parties, rather than just published online. As these threats evolve, businesses must be vigilant, adopt proactive security measures and continually strengthen their defenses against increasingly sophisticated attacks.”
Top malware families
* The arrows refer to the change in ranking compared to the previous month.
- ↔ FakeUpdates – FakeUpdates (AKA SocGholish) is a downloader written in JavaScript. It writes payloads to disk before launching them. FakeUpdates has led to further compromise through several additional malware families, including GootLoader, Dridex, NetSupport, DoppelPaymer and AZORult.
- ↔ Androxgh0st – Androxgh0st is a botnet that targets Windows, Mac and Linux platforms. For the initial infection, Androxgh0st exploits several vulnerabilities, specifically targeting PHPUnit, Laravel Framework and Apache Web Server. The malware steals sensitive information such as Twilio account information, SMTP credentials, AWS keys, etc. It uses Laravel files to collect the necessary information. It has different variants that scan for different information.
- ↑ Phorpiex – Phorpiex is a botnet known for distributing other malware families through spam campaigns, as well as fueling large-scale sextortion campaigns.
Most Exploited Vulnerabilities
- ↔ Command Injection Over HTTP (CVE-2021-43936, CVE-2022-24086) – A command injection over HTTP vulnerability has been reported. A remote attacker can exploit it by sending a specially crafted request to the victim. A successful exploit will allow an attacker to execute arbitrary code on the target machine.
- ↔ Zyxel ZyWALL Command Injection (CVE-2023-28771) – A command injection vulnerability exists in Zyxel ZyWALL. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary operating system commands on the affected system.
- ↔ HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-1375) – HTTP headers allow the client and server to pass additional information with an HTTP request. A remote attacker can use a vulnerable HTTP header to execute arbitrary code on the victim’s machine.
Top Mobile Malware
In August, Joker ranked first among the most prevalent mobile malware, followed by Anubis and Hydra.
- ↔ Joker – An Android spyware on Google Play, designed to steal SMS messages, contact lists and device information. In addition, the malware registers the victim for premium services on advertising sites without their knowledge.
- ↔ Anubis – Anubis is a banking Trojan malware designed for Android phones. Since it was first detected, it has acquired additional features such as a Remote Access Trojan (RAT) feature, a keylogger, audio recording capabilities, and various ransomware features. It has been discovered in hundreds of different apps available in the Google Store.
- ↑ Hydra – Hydra is a banking Trojan designed to steal banking credentials by asking victims to enable dangerous privileges and log in every time they access any banking application.
Top Attacked Industries Globally
This month, Education / Research remains the No. 1 attacked industry worldwide, followed by Government / Military and Healthcare.
- Education / Research
- Government / Military
- Healthcare
Top Ransomware Groups
- RansomHub – RansomHub is a Ransomware-as-a-Service (RaaS) operation that emerged as an updated version of the previously known Knight ransomware. RansomHub, which surfaced in early 2024 in underground cybercrime forums, quickly gained notoriety for its aggressive campaigns targeting various systems, including Windows, macOS, Linux, and especially VMware ESXi environments, using sophisticated encryption methods.
- Meow – Meow ransomware is a variant based on the Conti ransomware, known to encrypt a wide range of files on compromised systems and append the “.MEOW” extension. It leaves a ransom note called “readme.txt”, which instructs victims to contact the attackers via email or Telegram to negotiate a ransom payment. Meow ransomware spreads through various vectors such as unprotected RDP configurations, email spam, and malicious downloads, and uses the ChaCha20 encryption algorithm to lock files, excluding “.exe” files and text files.
- Lockbit3 – LockBit is a ransomware, operating in a RaaS model, which was first reported in September 2019. LockBit is aimed at large companies and government agencies of various countries and is not aimed at individuals in Russia or the Commonwealth of Independent States.
The full list of the top ten malware families in August can be found on the Check Point blog.