The Global Threat Index for May 2023 was recently published. In May, Qbot was the most prevalent malware in Kenya, with an impact of 23.03%.
Qbot, also known as Qakbot, is a Windows malware family. It was launched as a banking trojan but has since evolved into a malware dropper. Most recently, the malware has been abusing a DLL hijacking vulnerability in the Windows 10 WordPad executable, write.exe.
Once installed, Qbot runs quietly in the background. It steals emails for use in further phishing attacks, and it will often go on to download other payloads, such as Cobalt Strike.
The infected device then becomes the base from which the malware spreads across the network; if it goes undetected, this can lead to ransomware attacks. According to the report, XMRig, with an impact of 14.55%, and FormBook, with an impact of 13.33%, were ranked second and third, respectively, in Kenya.
XMRig – XMRig is open-source CPU mining software used to mine the Monero cryptocurrency. Threat actors often abuse this open-source software by integrating it into their malware to conduct illegal mining on victims’ devices.
FormBook – FormBook is an info stealer targeting the Windows OS and was first detected in 2016. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files on orders from its command and control (C&C) server.
Qbot a Threat to Users Globally
Qbot was not just a threat domestically. Globally, it was the most prevalent malware, impacting 6% of organizations worldwide. As in Kenya, FormBook was second with a global impact of 5%, and AgentTesla, with a global impact of 3%, came third.
Among mobile malware families, Anubis rose to first place as the most prevalent mobile malware. AhMyth and Hiddad were ranked second and third.
Anubis is a banking trojan designed for Android mobile phones. It has been detected in a number of mobile applications available on the Google Play store. Hiddad works differently: it repackages legitimate apps, redistributes them through third-party stores and displays ads. It can, however, also access security details on the Android OS.
Lastly, the report by Check Point Technologies Ltd listed the utilities industry as the most attacked industry in Africa, followed by transportation and retail/wholesale.