The September 2023 Global Threat Index from Check Point cybersecurity researchers has unveiled notable shifts in the cybersecurity threat landscape. Within the report, a prominent focus is placed on a substantial phishing attack that impacted numerous organizations in Colombia.
This incident led to the proliferation of the Remcos Remote Access Trojan (RAT) malware and marked the ascent of Formbook as a dominant malware strain, following the decline of Qbot.
What is Formbook?
Formbook is a type of malware, specifically a form-grabber and keylogger, that is designed to steal sensitive information from infected computers. It primarily targets Windows operating systems.
It is known for its ability to capture data entered into web forms, such as login credentials, credit card information, and other personal details, as well as keystrokes made by the user.
It’s worth highlighting that in August 2023, the FBI successfully intervened to disrupt Qbot, which also goes by the names Qakbot and Pinkslipbot, after it had infected 700,000 computers globally.
However, despite this intervention, a recent report by the Cisco Talos Intelligence Group revealed that the threat actors behind Qbot are still active. They have shifted their focus to distributing a fresh malware variant called Ransom Knight.
In September, Check Point found a major phishing campaign in Colombia targeting 40+ prominent businesses, aiming to silently install the Remcos RAT on victim computers.
Remcos was the second most prevalent malware in September. It is known for its sophistication and for giving attackers full control over infected systems, which can lead to serious consequences such as data theft, additional malware infections, and account takeovers.
Maya Horowitz, VP of Research at Check Point Software, emphasized the need for cyber resilience in the face of aggressive evasion techniques employed by hackers in the Colombian campaign.
The Official Global Threat Index for September highlighted a notable reshuffling of the malware rankings, with Formbook, an infostealer targeting Windows operating systems, claiming the leading position and impacting organizations across the globe at a rate of 3%.
Initially identified in 2016, the Formbook data-stealing malware is offered as Malware as a Service (MaaS) within underground hacker communities, where it has garnered attention owing to its formidable evasion techniques and affordable pricing. Its functionalities encompass extracting certificates from web browsers, taking screenshots, recording keystrokes, and executing files upon the attacker’s directives.
The most notable shift in the malware landscape occurred with Qbot’s exit from the top malware rankings. In August, the FBI seized control of the Qbot network, effectively ending its prolonged dominance as the most prevalent malware for much of 2023.
Nevertheless, considering that the group behind Qbot remains active and has started disseminating new malware, the significance of disrupting the malware’s infrastructure may have been somewhat diminished.