This is according to the Global Threat Index for August 2021research paper published by Check Point Research, which found Formbook affected 4.5% of global companies last month.
This helped it surpass Trickbot, a modular banking Trojan that’s been wreaking havoc for the past three months, and which now affects 4% of companies worldwide.
Agent Tesla, with 3%, rounded off the top three, while banking Trojan Qbot, known to have operators who like to take long sabbaticals, dropped from the top 10 completely.
xHelper targets mobile devices
“Formbook’s code is written in C with assembly inserts and contains a number of tricks to make it more evasive and harder for researchers to analyze,” said Maya Horowitz, VP Research at Check Point Software.
“As it is usually distributed via phishing emails and attachments, the best way to prevent a Formbook infection is by staying acutely aware of any emails that appear strange or come from unknown senders. As always, if it doesn’t look right, it probably isn’t.”
The report also stated that the most common vulnerability is “Web Server Exposed Git Repository Information Disclosure,” as it affects almost half (45%) of organizations worldwide. “HTTP Headers Remote Code Execution” is another major threat, affecting 43% of firms everywhere.
The top three threats were rounded off by “Dasan GPON Router Authentication Bypass,” having a global impact of 40%.
As for mobile malware, xHelper was the most prevalent one this month, together with AlienBot and FluBot. First spotted in early 2019, xHelper downloads other malicious apps onto the device, and displays advertisements to the victim. It can hide from the device owner and even reinstall itself if necessary.