Mobile threats also remained prominent
Posted: Thu Feb 13, 2025 7:13 am
ystems. It exploits browser functionalities to execute harmful activities like monitoring web browsing, capturing screenshots, and injecting scripts to steal cryptocurrency. Rilide operates by downloading other malware, recording user activities, and can even manipulate web content to deceive users into unauthorized actions.
↔ Phorpiex – Phorpiex is a botnet (aka Trik) that has been active since 2010 and at its peak controlled more than a million infected hosts. It is known for distributing other malware families via spam campaigns as well as fueling large-scale spam and sextortion campaigns.
↓ Formbook – Formbook is an Infostealer targeting the Windows OS and was first detected in 2016. It is marketed as Malware as a Service (MaaS) in underground hacking forums for its strong evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its C&C.
↑ Amadey – Amadey is a Trojan bot first discovered in October of 2018. A majority of its use is for collecting information about a victim’s environment, although it is also capable of delivering other malware. Amadey is primarily spread by exploit kits such as RigEK and Fallout EK.
Top Mobile Malwares
Mobile threats also remained prominent, with Anubis, a banking trojan, taking the top spot for December. Known for its remote access and ransomware capabilities, Anubis was followed by Necro, a trojan dropper, and Hydra, a malware targeting banking credentials.
↑ Anubis – Anubis is a banking Trojan malware designed for Android mobile phones. Since it was initially detected, it has gained additional functions including Remote Access Trojan (RAT) functionality, keylogger, audio recording capabilities and various ransomware features. It has been detected on hundreds of different applications available in the Google Store.
↑ Necro – Necro is an Android Trojan Dropper. It is capable of downloading other malware, showing intrusive ads and stealing money by charging paid subscriptions.
↑ Hydra – Hydra is a banking Trojan designed to steal banking credentials by requesting victims to enable dangerous permissions and access each time they enter any banking app.
For the fifth consecutive month, Education/Research ranked as the most attacked industry globally, followed by Communications and Government/Military sectors. These trends underline the persistent vulnerabilities in sectors that rely heavily on interconnected systems and sensitive data.
Data from ransomware “shame sites” placed FunkSec as December’s most active ransomware group, responsible for 14% of all posted attacks. It was followed by RansomHub and LeakedData, with 9% each.
FunkSec – FunkSec is an emerging ransomware group that first appeared in December 2024, known for using double extortion tactics. Some reports suggest it started its operations in September 2024. Notably, their DLS (Data Leak Site) combines reports of ransomware incidents with those of data breaches, contributing to an unusually high reported victim count.
RansomHub – RansomHub is a Ransomware-as-a-Service (RaaS) operation that emerged as a rebranded version of the previously known Knight ransomware. Surfacing prominently in early 2024 in underground cyber crime forums, RansomHub has quickly gained notoriety for its aggressive campaigns targeting various systems including Windows, macOS, Linux, and particularly VMware ESXi environments. This malware is known for employing sophisticated encryption methods.
LeakedData – LeakedData is a newly identified entity operating a clear web data leak site (DLS). The site lists alleged victims’ data and features countdowns for future releases. Despite presenting itself as an extortion group, the site lacks communication channels, leaving the entity’s actual nature, claimed victims, and intentions unclear.