Top 10 Malware Threats – August 2020

1. Shlayer is a downloader and dropper for macOS malware. It is primarily distributed through malicious websites, hijacked domains, and malvertising posing as a fake Adobe Flash updater.
2. Gh0st is a RAT used to control infected endpoints. Gh0st is dropped by other malware to create a backdoor into a device that allows an attacker to fully control the infected device.
3. Agent Tesla is a RAT that exfiltrates credentials, logs keystrokes, and captures screenshots from an infected computer.
4. ZeuS is a modular banking trojan which uses keystroke logging to compromise victim credentials when the user visits a banking website. Since the release of the ZeuS source code in 2011, many other malware variants have adopted parts of its codebase, which means that events classified as ZeuS may be other unnamed malware using parts of the ZeuS code.
5. Blaknight, also known as HawkEye, is an infostealer known for its keylogging capabilities for credential and banking theft.
6. Qakbot is financial malware designed to target governments and businesses for financial fraud and known for its wormability on a network. Qakbot installs a keylogger to steal user credentials. It monitors network traffic, specifically traffic to online banking websites, and can piggyback on a user’s active banking session by intercepting authentication tokens. It is currently being dropped by Emotet.
7. SocGholish is a RAT and a banking trojan that uses fake Flash Updates to drop a NetSupport RAT payload. Recently, SocGholish has been used to drop WastedLocker ransomware, a new ransomware variant.
8. NanoCore is a RAT spread via malspam as a malicious Excel XLS spreadsheet. As a RAT, NanoCore can accept commands to download and execute files, visit websites, and add registry keys for persistence.
9. Dridex is a banking trojan that uses malicious macros in Microsoft Office with either malicious embedded links or attachments. Dridex is disseminated via malspam campaigns.
10. Kovter is a fileless click fraud malware and a downloader that evades detection by hiding in registry keys. Reporting indicates that Kovter can have backdoor capabilities and uses hooks within certain APIs for persistence.

Source: https://www.cisecurity.org/blog/top-10-malware-august-2020/

Top Mobile Malware Threats – August 2020

1. xHelper – A malicious application seen in the wild since March 2019, used for downloading other malicious apps and displaying advertisements. The application can hide itself from the user and reinstall itself if it is uninstalled.
2. Necro – Necro is an Android Trojan dropper. It can download other malware, show intrusive ads, and steal money by charging paid subscriptions.
3. Hiddad – Hiddad is Android malware that repackages legitimate apps and then releases them to a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the OS.

Source: https://blog.checkpoint.com/2020/09/09/august-2020s-most-wanted-malware-evolved-qbot-trojan-ranks-on-top-malware-list-for-first-time/