We are in 2018, a year in which, unfortunately, we cannot say that the presence of viruses and malware has been small. Techniques continue to be refined and cybercriminals do not rest for a second to achieve their goals: in the best of cases, stealing the user's identity and sensitive data, such as email credentials or a bank card number. To all this we must add that their targets are no longer limited to computers. For several years now, mobile devices, led by Android, have been an easy target, especially through malicious apps. With this in mind, and with the year coming to an end, today we want to review some of the most prominent viruses of 2018.
The year got off to a rocky start with the presence of CrossRAT, a RAT-type Trojan (Remote Access Trojan) capable of infecting any operating system without trouble, including Linux and macOS. Once the victim takes the bait, it starts monitoring their system and taking screenshots, as well as stealing personal data (including passwords and bank details). In addition, it lets the cybercriminal connect to the computer remotely.
The real problem with CrossRAT, and what makes it so dangerous, is that it is a very difficult Trojan to detect. To all this we must add that it has advanced mechanisms that not only allow it to evade antivirus programs, but also to install itself permanently on the system. In this way, even if the main file is deleted, the threat remains present.
If you want to know whether your Windows system is infected by this Trojan, you just have to check whether the registry path `HKCU\Software\Microsoft\Windows\CurrentVersion\Run\` contains an entry referencing `java`, `-jar` or `mediamgrs.jar`. On macOS you would have to look for a JAR file in the `~/Library` directory. Finally, on Linux, look for a similar file under the path `/usr/var`.
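The check described above can be scripted. The following is an added example and is not code from the original article: it flags Run-key entries that reference `java`/`-jar` or `mediamgrs.jar` (the indicator strings named in the text) and lists JAR files under a directory such as `~/Library` or `/usr/var`. The registry entries and file paths in the sample data are constructed for the demonstration; `read_hkcu_run` only does real work on Windows and returns an empty list elsewhere.

```python
"""Defender-side check for the CrossRAT persistence indicators named in the article.

Added example, not code from the original page. Indicator strings come from
the article; the sample Run-key entries below are constructed.
"""
import os
import re
import sys

# Registry key the article names (relative to HKEY_CURRENT_USER).
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

# Case-insensitive indicator: a java/javaw launcher passing -jar, or the
# mediamgrs.jar file name itself appearing anywhere in the command line.
SUSPICIOUS = re.compile(r'(javaw?(\.exe)?"?\s+.*-jar\b|mediamgrs\.jar)', re.IGNORECASE)


def flag_run_entries(entries):
    """Return the (value_name, command_line) pairs that match the indicator.

    `entries` is an iterable of (value_name, command_line) tuples as they
    would be read from the Run key.
    """
    return [(name, cmd) for name, cmd in entries if SUSPICIOUS.search(cmd)]


def read_hkcu_run():
    """Enumerate the current user's Run key on Windows; return [] elsewhere."""
    if sys.platform != "win32":
        return []
    import winreg  # standard library, Windows only
    entries = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        index = 0
        while True:
            try:
                name, value, _ = winreg.EnumValue(key, index)
            except OSError:  # raised when there are no more values
                break
            entries.append((name, str(value)))
            index += 1
    return entries


def list_jar_files(root):
    """Recursively list *.jar files under root (e.g. ~/Library or /usr/var)."""
    hits = []
    for dirpath, _, files in os.walk(os.path.expanduser(root)):
        for filename in files:
            if filename.lower().endswith(".jar"):
                hits.append(os.path.join(dirpath, filename))
    return sorted(hits)


# Constructed sample: one benign autostart entry and one shaped like the
# indicator the article describes (a javaw launcher loading mediamgrs.jar).
SAMPLE_ENTRIES = [
    ("OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("mediamgrs",
     r'"C:\Program Files\Java\jre1.8.0_171\bin\javaw.exe" -jar "C:\Users\alice\AppData\Roaming\mediamgrs.jar"'),
]

if __name__ == "__main__":
    # Use the live Run key on Windows, otherwise fall back to the constructed sample.
    entries = read_hkcu_run() or SAMPLE_ENTRIES
    for name, cmd in flag_run_entries(entries):
        print(f"suspicious Run entry {name!r}: {cmd}")
    # Hypothetical directory argument; pass ~/Library on macOS or /usr/var on Linux.
    for path in list_jar_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"JAR file found: {path}")
```

A match on these strings is a reason to investigate, not proof of infection: legitimate software also autostarts Java applications, so the flagged command line and the referenced JAR should be examined before anything is removed.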
In recent years, banking malware (better known as “Bankers”) has been declining, mainly due to the rise of ransomware. However, this year a new type of Banker emerged, discovered by ESET researchers and dubbed BackSwap. This new malware not only evades a large share of antivirus products, since it does not use a code injection process like its predecessors; its method is also so simple that an attacker does not need to know much about Windows internals to use it.
Straight from North Korea, one of the most controversial places on the planet, came Typeframe, a new breed of malware designed to wreak havoc on any computer it lands on. This virus is capable of downloading and installing additional malware such as Trojans and proxies, in addition to changing how the antivirus or firewall works so that it can connect to the attackers' servers and obey their orders.
This is a very common malware profile, like the popular WannaCry, which is also thought to have come from this country. WannaCry caused real headaches all over the world, especially in Ukraine and Russia.
In September, Trend Micro discovered Virobot, a ransomware-type threat that encrypts all the files on victims' computers to demand a financial ransom. In this way, the only way to recover the files is to pay the amount set by the cybercriminals. However, in many cases paying is useless, because the criminals end up not returning the files anyway.
Virobot encrypts the computer and displays a ransom message demanding about $520 in bitcoin. While the computer is locked, the virus also takes control of Microsoft Outlook to send e-mails to the victim's contact list. These are spam messages that also include a copy of Virobot. The objective is obvious: to spread to as many people as possible. The files Virobot targets usually have the following extensions, which is why the threat often goes unnoticed: TXT, DOC, DOCX, XLS, XLSX, PPT, PPTX, ODT, JPG, PNG, CSV, SQL, MDB, SLN, PHP, ASP, ASPX, HTML, XML, SWP, PSD and PDF.
After a few dormant years, Kronos returned to the scene last July under the new name Osiris. It is a highly dangerous banking Trojan, and it now returns with even more force. Osiris has been distributed in email phishing campaigns that deliver Word documents specially crafted for the occasion. The new Kronos update uses anti-VM and anti-sandbox mechanisms to evade detection by any kind of antivirus. It is also capable of lowering the browser's security settings in order to inject malicious code into web pages.
It should be noted that Osiris can copy itself to different locations on the computer, as well as create shortcuts in the home folder. Today it is sold on the deep web at a fairly high price: it has been seen offered for about 6,000 euros.