Top 3 Malware Threatening Businesses in Q2 2023

ANY.RUN, an interactive online sandbox for fast malware analysis, has published the results of its research into the top cyber threat trends in Q2 2023.

The service, which analyzes 14,000 suspicious files and links daily, discovered that RATs (Remote Access Trojans) and loaders further solidified their positions as the primary security concerns. RATs displayed an increase of 12.8% quarter over quarter.

Another notable aspect of the current threat landscape is that it puts at risk all types of enterprises, from SMEs to large multinationals. Companies must implement additional security measures and tools to reduce the chance of falling prey to an attack.

Here are the top three malware families, which were used most commonly to attack businesses in Q2 2023, according to the report.

njRAT: The Third Most Widespread Threat

njRAT is a notorious RAT that was first spotted in 2013. Since then, it has accrued an entire community of enthusiasts who have produced tons of educational content on operating the malware.

njRAT gives attackers access to diverse hacking tools that allow them to manipulate an infected machine in numerous ways, including by keylogging, extracting passwords from browsers, and capturing webcam images.

As for the popularity of njRAT in the second quarter of 2023, its usage saw a 4.2% increase, with instances rising from 1096 to 1142, compared to Q1. This made it the third most popular malware worldwide.

Adversaries’ preferred way of distributing njRAT is through phishing emails with fake attachments disguised as legitimate files or documents. Once opened, they download and install njRAT on the victim’s computer.

Use this example of interactive malware analysis to see how njRAT infects a system by leveraging a PowerShell script and injecting itself into the standard Windows process RegSvcs.exe to avoid detection.

Remcos: Second among top threats

Remcos is another RAT that has been operating since 2016. Primarily used for data theft, it regularly receives updates and new features, which makes it a challenging threat to keep up with for organizations using outdated security solutions.

Although compared to Q1, the Q2 number of Remcos samples submitted to ANY.RUN has dropped by 1.2%, it still secured its spot as the second most common malware.

Remcos can be spread differently, including as an .exe or .docx file. Once it is on the victim’s computer, it steals private information, modifies the registry, and monitors user activity, transmitting it to its C2 server. To examine Remcos’ configuration and collect IOCs, refer to this analysis.

RedLine: The number one threat

RedLine is a stealer that first surfaced in 2020 at the height of the COVID-19 pandemic. It quickly became the go-to choice for attackers of all skill levels thanks to its intuitive control panel and expansive capabilities. Fast forward three years, RedLine remains a serious risk to any Windows system.

Its usage has surged by 80% in Q2 2023 compared to Q1, propelling it to the top of the list of the most persistent cyber threats on the planet.

RedLine is capable of full control over an infected computer. It can steal sensitive data, such as passwords, bank credentials, and even cryptocurrency. You can observe the execution process of a RedLine sample and interact with it by rerunning the task in the sandbox.

In most cases, RedLine is delivered via phishing emails with malicious attachments in various formats, such as office suite documents, PDFs, and executables, that pose as legitimate files. To prevent such files from infecting their infrastructure, organizations use sandboxes to analyze them and see if they are dangerous.

Conclusion

The research on the part of ANY.RUN has shown that the top three malware families in Q2 2023 were RedLine, Remcos, and njRAT. They are competent, and attackers always come up with more sophisticated ways of using them to inflict damage on organizations, both financially and reputationally.

To counter such threats, enterprises of all sizes must adopt new solutions for streamlining and enhancing their detection efforts. One of these solutions is ANY.RUN serves several security purposes, including fast in-depth malware analysis and threat intelligence gathering.

Source: https://cybersecuritynews.com/top-3-malware-threatening-businesses/