News Security

January 2023’s Most Wanted Malware: Infostealer Vidar Makes a Return while Earth Bogle njRAT Malware Campaign Strikes

check-point

Check Point® Software Technologies Ltd. has published its Global Threat Index for January 2023. Last month saw infostealer Vidar return to the top ten list in seventh place after an increase in instances of brandjacking, and the launch of a major njRAT malware phishing campaign in the Middle East and North Africa.

In January, infostealer Vidar was seen spreading through fake domains claiming to be associated with remote desktop software company AnyDesk. The malware used URL jacking for various popular applications to redirect people to a single IP address claiming to be the official AnyDesk website. Once downloaded, the malware masqueraded as a legitimate installer to steal sensitive information such as login credentials, passwords, cryptocurrency wallet data and banking details.

Researchers also identified a major campaign dubbed Earth Bogle delivering the njRAT malware to targets across the Middle East and North Africa. The attackers used phishing emails containing geopolitical themes, enticing users to open malicious attachments. Once downloaded and opened, the Trojan can infect devices, allowing attackers to conduct numerous intrusive activities to steal sensitive information. njRAT came in at number ten on the top malware list, having dropped off after September 2022.

 Maya Horowitz, VP Research at Check Point Software, said, “Once again, we’re seeing malware groups use trusted brands to spread viruses, with the aim of stealing personal identifiable information. I cannot stress enough how important it is that people pay attention to the links they are clicking on to ensure they are legitimate URLs. Look out for the security padlock, which indicates an up-to-date SSL certificate, and watch for any hidden typos that might suggest the website is malicious.” 

CPR also revealed that “Web Server Exposed Git Repository Information Disclosure” remained the most exploited vulnerability last month, impacting 46% of organizations globally, followed by “HTTP Headers Remote Code Execution” with 42% of organizations worldwide. “MVPower DVR Remote Code Execution” came in third with a global impact of 39%.

Related posts

Zendesk Hires Mitch Young as Senior Vice President, Asia Pacific

enterpriseitworld

Veeam Data Platform v12.3 now includes Microsoft Entra ID Protection

enterpriseitworld

Al Dahra Improves App Performance 10x with Nutanix on AWS

enterpriseitworld