FormBook Tops Check Point’s Most Wanted Malware List For September

FormBook is the most prevalent malware in the wild worldwide, and Vidar, an infostealer, has entered the top 10 list in eighth place for the first time following a fake Zoom campaign.

The new data comes from Check Point Research (CPR), which shared its Most Wanted Malware report for September 2022 with Infosecurity earlier today.

According to the new figures, XMRig, open-source CPU software used to mine the Monero cryptocurrency, is currently in second place, while the advanced AgentTesla RAT is third.

“In terms of the most prevalent malware in September, it’s interesting to see Vidar leap into the top 10 after a long absence,” explained Maya Horowitz, VP of research at Check Point.

“Users of Zoom need to stay alert to fraudulent links as this is how the Vidar malware has been distributed lately. Always keep an eye out for inconsistencies or misspelled words in URLs. If it looks suspicious, it probably is.”

In terms of the most commonly exploited vulnerabilities, CPR said ‘Web Server Exposed Git Repository Information Disclosure’ was at the top of the list, with 43% of organizations worldwide impacted by it.

‘Apache Log4j Remote Code Execution’ followed closely, dropping from first place to second compared to last month, with an impact of 42%. September saw the education/research sector remain in first place as the most attacked industry globally.

From a geographical standpoint, the latest CPR report showcases a significant change in many Eastern European countries’ ‘threat rank.’

More specifically, in September, Ukraine jumped 26 places, Poland and Russia moved up 18 slots each, and Lithuania and Romania moved up 17. All these countries are now among the top 25, with the most extensive degradation in their ranking occurring in the past month.

“As the war on the ground continues, so too does the war in cyberspace,” Horowitz said. “It’s likely no coincidence that the threat ranks of many Eastern European countries have increased this last month. All organizations are at risk and must shift to a prevent-first cybersecurity strategy before it’s too late.”

The CPR report comes days after Microsoft published new data suggesting Russia accounted for most state-sponsored attacks over the past year.