Hackers know no holiday.
In December 2020, just when the year was seeing its end, a spam campaign was targeting more than 100,000 users a day over Christmas and New Year. And here, the most prolific malware the hackers used, is the Emotet malware.
According to a report from cybersecurity company Check Point, it was suggested that Emotet was used to target 7% of all organizations around the world during December.
Maya Horowitz, director of threat intelligence and research at Check Point, said that:
"It's imperative that organizations are aware of the threat Emotet poses and that they have robust security systems in place to prevent a significant breach of their data. They should also provide comprehensive training for employees, so they are able to identify the types of malicious emails which spread Emotet."

Emotet is a malware strain, also known as Geodo and Mealybug. It was first detected back in 2014 from a cybercrime operation based in Russia.
The first versions of the Emotet malware were forms of banking trojans created to steal banking credentials from victims. And since then and throughout 2016 to 2017, Emotet was continuously updated and reconfigured to also become a loader for other malware strains.
This allows Emotet to be more capable in stealing data, as well as infiltrating systems for malicious purposes.
In other words, the malware that started its life as a banking trojan, has evolved to become much more than just that, to also provide a backdoor onto compromised machines which can then be sold to other cyber criminals to infect victims with additional malware, including ransomware.
Emotet is known for its worm-like capabilities which allows it to move from one machine to another on the same network. But it can also spread via phishing emails.
Here is the list of the most popular malware in 2020, according to Check Point:
- Emotet: an advanced, self-propagating and modular trojan. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection.
- Trickbot: a dominant banking trojan constantly being updated with new capabilities, features and distribution vectors.
- Formbook: an info-stealer that harvests credentials from various web browsers, collects screenshots, monitors, and logs keystrokes.
- Dridex: a trojan that targets the Windows platform and is reportedly downloaded via a spam email attachment.
- XMRig: an open-source CPU mining software used for the mining process of the Monero cryptocurrency.
- Qbot: a banking Trojan designed to steal users banking credentials and keystrokes.
- Hiddad: an Android malware which repackages legitimate apps and then releases them to a third-party store.
- RigEK: delivers exploits for Flash, Java, Silverlight, and Internet Explorer.
- Ramnit: a banking Trojan that steals banking credentials, FTP passwords, session cookies and personal data.
- Glupteba: a backdoor which gradually matured into a botnet.
Trickbot that comes second after Emotet, is also constantly updated with new capabilities and features. And also like Emotet, Trickbot has become more than just a banking trojan.
Formbook that comes third on Check Point's list, is sold on dark web forums at relatively low cost but provides cyber criminal users with everything they need for a powerful information stealing campaign.
According to Check Point, Trickbot and Formbook campaigns were detected attempting to infiltrate the networks of 4% of organizations around the world each.













































































































































































































































































































































































