Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks

The Remcos Trojan has returned to the top ten list (in eighth position) of most wanted malware by Check Point Software for the first time since December 2022.

According to the latest report published by the company earlier today, threat actors used Remcos extensively in February to target Ukrainian government entities through phishing attacks.

The research document also clarifies that, overall, weekly attacks targeting Ukraine have decreased by 44% between October 2022 and February 2023.

“While there has been a decrease in the number of politically motivated attacks on Ukraine, they remain a battleground for cyber-criminals,” explained Maya Horowitz, VP of research at Check Point Software, commenting on the report’s findings.

“Hacktivism has typically been high on the agenda for threat actors since the Russo-Ukrainian war began, and most have favored disruptive attack methods such as DDoS to garner the most publicity.”

Horowitz added that recent attacks against Ukrainian targets used a more traditional attack route, such as phishing scams, to obtain information and extract data.

“It’s important that all organizations and government bodies follow safe security practices when receiving and opening emails. Do not download attachments without scanning the properties first. Avoid clicking on links within the body of the email, and check the sender address for any abnormalities such as additional characters or misspellings.”

Qbot retained its leading position in the list, followed by the Formbook infostealer and the infamous Emotet trojan – both of which climbed ranks compared to Check Point’s January report.

Banking trojan Anubis also retained its position as top mobile malware, followed by Hiddad (a malware tool designed to repackage apps with extra ads) and the AhMyth RAT.

The vulnerability most exploited in the wild in February was the web server malicious URL directory traversal, replacing the web server flaw that exposed GitHub repository information in October 2022. The Apache Log4j remote code execution vulnerability (CVE-2021-44228) took the third spot.