Novel malware strains are among the most persistent and widespread threats on the Internet. Malware, or malicious software, can corrupt a system by executing an unauthorized function or process. Malicious cyber actors frequently use malware to secretly compromise, and then seize control of, a computer or mobile device. Malware types include viruses, worms, Trojans, ransomware, spyware, and rootkits.
In this blog post, we will review some of the novel malware strains that emerged or evolved in 2021, and provide some tips on how to protect yourself and your business from these threats. We will also discuss how Bilal infoTech (BIT) can help you with malware detection and prevention.
The 2021 Top Novel Malware Strains
According to a joint Cybersecurity Advisory (CSA) issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC), the top malware strains of 2021 are:
Agent Tesla:
Agent Tesla is an information stealer that can capture keystrokes, clipboard data, screenshots, credentials, and webcam footage. It can also download and execute additional malware, and exfiltrate data via SMTP, FTP, or HTTP.
AZORult:
An information stealer that can harvest credentials, browser history, cookies, cryptocurrency wallets, and files. It can also download and execute additional malware, and act as a loader for ransomware such as STOP and Buran.
Formbook:
An information stealer that can capture keystrokes, clipboard data, screenshots, credentials, and files. It can also download and execute additional malware, and perform various malicious actions such as deleting or stealing files, killing processes, shutting down or rebooting the system, and logging off the user.
Ursnif:
A banking Trojan and information stealer that can intercept and modify web traffic, steal banking credentials, personal information, and cryptocurrency wallets, and download and execute additional malware. It can also use web injects, keyloggers, and screen capture to perform fraudulent transactions.
LokiBot:
A Trojan information stealer that can harvest credentials, browser history, cookies, cryptocurrency wallets, and files. It can also download and execute additional malware and act as a backdoor for remote access, and it can lock the infected system and display a ransom note if an attempt is made to remove it.
MOUSE ISLAND:
A ransomware dropper that can download and execute ransomware such as Maze, Egregor, and Ryuk. It can also perform reconnaissance, lateral movement, and privilege escalation on the infected network.
NanoCore:
An information stealer that can capture keystrokes, clipboard data, screenshots, credentials, webcam footage, and microphone audio. It can also download and execute additional malware, and act as a backdoor for remote access.
Qakbot:
A banking Trojan and information stealer that can intercept and modify web traffic, steal banking credentials, personal information, and files. It can also download and execute additional malware, and form a botnet for distributed denial-of-service (DDoS) attacks. It is often used as a precursor for ransomware such as ProLock and Egregor.
Remcos:
A remote access Trojan (RAT) that can capture keystrokes, clipboard data, screenshots, credentials, webcam footage, and microphone audio. It can also download and execute additional malware, and perform various malicious actions such as deleting or stealing files, killing processes, shutting down or rebooting the system, and logging off the user.
TrickBot:
A banking Trojan and information stealer that can intercept and modify web traffic, steal banking credentials, personal information, and files. It can also download and execute additional malware, and form a botnet for DDoS attacks. It is often used as a precursor for ransomware such as Ryuk and Conti.
GootLoader:
A malware loader that can download and execute various malware such as GootKit, REvil, and Kronos. It uses compromised websites and search engine optimization (SEO) techniques to lure victims into downloading malicious documents.
Most of these malware strains have been in use for more than five years, and some date back more than a decade. However, they have evolved and adapted over time, incorporating new features, techniques, and variants to evade detection and enhance their capabilities. They are also often used in combination with each other, creating a complex, layered attack chain that can cause significant damage and disruption.
How to Protect Yourself and Your Business from Malware
Malware can infect your system through various vectors, such as phishing emails, malicious attachments, compromised websites, drive-by downloads, removable media, and software vulnerabilities. Therefore, it is important to adopt a defense-in-depth approach that covers multiple layers of protection, such as:
- Patching all systems and prioritizing patching known exploited vulnerabilities. This can prevent malware from exploiting unpatched or outdated software to gain access to your system.
- Enforcing multifactor authentication (MFA). This can prevent malware from using stolen credentials to access your accounts and services.
- Securing Remote Desktop Protocol (RDP) and other risky services. This can prevent malware from using brute-force or credential-stuffing attacks to gain remote access to your system.
- Making offline backups of your data. This can help you recover your data in case of a ransomware attack or data loss.
- Providing end-user awareness and training about social engineering and phishing. This can help you and your employees recognize and avoid malicious emails and websites that may deliver malware.
- Using antivirus software and firewalls. This can help you detect and block malware before it infects your system or spreads to other systems on your network.
- Monitoring and auditing your network activity. This can help you identify and respond to any suspicious or anomalous behavior that may indicate a malware infection or compromise.
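As an added illustration of the last item, tied to the exfiltration channels (SMTP, FTP, HTTP) listed for Agent Tesla above, here is example detection logic written for this post; it is not from the CISA/ACSC advisory or from BIT. It flags workstations that speak SMTP or FTP directly to addresses outside the internal network instead of through an approved relay; the address ranges, relay list and flow records are constructed assumptions.

```python
"""Hypothetical check: workstations opening direct outbound SMTP/FTP channels.

Info stealers such as Agent Tesla push stolen data out over SMTP, FTP or HTTP, so
a workstation that bypasses the corporate mail relay is worth a closer look.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed environment (constructed, not from the post): internal ranges and the
# only hosts allowed to speak SMTP/FTP to the outside.
INTERNAL_NET = ip_network("10.0.0.0/8")
WORKSTATIONS = ip_network("10.20.0.0/16")
APPROVED_RELAYS = {"10.20.1.25", "10.20.1.21"}  # mail relay, FTP gateway
WATCHED_PORTS = {25: "smtp", 465: "smtps", 587: "submission", 21: "ftp"}

# Constructed flow records: "timestamp src dst dport bytes_out" (not real traffic).
SAMPLE_FLOWS = """\
2021-09-01T08:00:01 10.20.5.17 203.0.113.10 443 1200
2021-09-01T08:00:05 10.20.1.25 198.51.100.8 25 5400
2021-09-01T08:00:09 10.20.5.17 198.51.100.44 587 88000
2021-09-01T08:00:12 10.20.5.17 198.51.100.44 587 91000
2021-09-01T08:01:30 10.20.7.3 192.0.2.77 21 40200
2021-09-01T08:02:00 10.20.7.3 10.20.1.25 25 300
"""

def parse_flow(line):
    ts, src, dst, dport, nbytes = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "bytes": int(nbytes)}

def is_direct_exfil_candidate(flow):
    """True when a workstation (not an approved relay) talks SMTP/FTP outside the network."""
    src, dst = ip_address(flow["src"]), ip_address(flow["dst"])
    return (src in WORKSTATIONS
            and flow["src"] not in APPROVED_RELAYS
            and flow["dport"] in WATCHED_PORTS
            and dst not in INTERNAL_NET)

def find_exfil_channels(log_text):
    """Group suspicious flows per source host; returns {src: {protocol: bytes_out}}."""
    findings = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if is_direct_exfil_candidate(flow):
            findings[flow["src"]][WATCHED_PORTS[flow["dport"]]] += flow["bytes"]
    return {src: dict(protos) for src, protos in findings.items()}

if __name__ == "__main__":
    for host, protos in find_exfil_channels(SAMPLE_FLOWS).items():
        print(f"review {host}: direct outbound {protos}")
```

Traffic from the approved relay and SMTP sent to the internal relay are left alone; only the two workstations that bypass it are reported, with the byte volume per channel to help prioritise triage.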
Conclusion
Malware is a serious and evolving threat that can compromise your system and data and cause significant harm and disruption to your business. Therefore, it is essential to stay informed and vigilant, and to take proactive measures to protect yourself and your business from malware. We hope this blog post has given you some useful insights and tips on how to deal with novel malware strains, and on how BIT can help you with malware detection and prevention. Thank you for reading, and stay safe!