Qbot | Banking malware concentrates one in six attacks in Brazil

Qbot |  Banking malware concentrates one in six attacks in Brazil

Qbot, one of the main malware in activity in the world, seems to have Brazil as one of its main targets at the moment. The plague was responsible for one in every six attacks recorded in December 2022 in the country, with 16.5% of recorded incidents being a result of it; in the world, the average is 7%, less than half of the total recorded here.

  • Malware is not a thing of the past and is an ever-increasing threat
  • Four methods viruses use to evade security software

The numbers are from the threat intelligence division of Check Point Software, which monthly releases surveys related to the global volume of threats, also revealing cybercriminal trends. This time, the focus is on Glupteba, a botnet focused on attacks against blockchain systems, in addition to the aforementioned and ever-popular Qbot.

In the case of the former, the focus is on personal and corporate computers, with the modular malware carrying out a contamination capable of downloading other pests to the PC and carrying out actions according to the character of each victim. Disappeared from the ranking of the main threats since December 2021, it returns as a vector of ransomware scams, data breaches and theft or mining of cryptocurrencies, among other offenses.

Meanwhile, Qbot continues with its credential theft operations and spying on data entered by users. The number of infections has grown compared to November last year, with the pest overtaking the traditional champion Emotet in the ranking; it appears in second place, with 4% of the cases and also serving as an accessory to more contaminations from the download of modules that allow more attacks than the original programming.

Check Point’s report also highlights the growth of XMRig, a pest based on an open source system for mining the Monero cryptocurrency. While the software itself is not malicious, its capabilities are also taken advantage of by cybercriminals in 3% of attacks, deploying malware with the technology on victims’ machines, taking advantage of their computing power for financial gain.

In Brazil, the mining plague accounted for 5.6% of cyber incidents recorded in December 2022, almost double the global average. In the case of Emotet, there was also a difference, with scams around here representing 5% of the total. Glupteba also had twice as many registrations here, 2.2% compared to 1.2% computed around the globe.

The survey also draws attention to the emergence of Hiddad as one of the main malware against the Android operating system. Focused on displaying malicious advertisements, with profits remitted to scammers, it can also steal data or display links to fraudulent websites. Meanwhile, 46% of organizations worldwide were affected by vulnerabilities in exposing information on web servers, from Git repositories, also allowing account intrusions and attacks against internal infrastructures.

“Malware often masquerades as legitimate software to give hackers access to devices without arousing suspicion,” explains Maya Horowitz, vice president of research at Check Point Software. For her, the main safety measure should be diligence in downloading applications and clicking on links, even if they appear to be genuine. Making sure everything is correct could be the difference between security and a malware infection.

Attack targets are also different in Brazil

The Check Point survey also shows a different interest in attacks in Brazil compared to the rest of the world. The only coincidence here is the government and military sector, which appears in third place among the most common attacks in our country, but in second place worldwide.

Brazilian utilities sector companies, however, lead the ranking of the hardest hit, ahead of systems integrators. In the world, however, the education and research segment remains at the top, with companies in the health sector appearing in third place, maintaining its position in the ranking since the height of the covid-19 pandemic.