
Cyber threats, what are the main ones and what they do

by admin
Who they are and what damage they cause: here is an updated list, covering the first half of this year, of the cyber threats present in Italy.

A list updated as of June 2023

Qbot

Qbot, aka Qakbot, is a multifunctional malware that originally appeared in 2008. It is designed to steal a user's credentials, record keystrokes, steal cookies from browsers, spy on online banking activities and install additional malware. It is often spread through spam messages. Qbot adopts various anti-VM, anti-debug and anti-sandbox techniques to hinder analysis and bypass detection.

Blindingcan

Blindingcan is a new Remote Access Trojan (RAT) made by the fearsome Lazarus Group of North Korea. The attackers use different techniques to decompress and execute a variation of the Hidden Cobra RAT. The malware contains built-in functions for remote operations that provide various capabilities on the victim’s system.

Formbook

Formbook is an infostealer targeting Windows operating systems, first discovered in 2016. On underground forums it is marketed as Malware-as-a-Service (MaaS) for its robust evasion techniques and relatively low cost. It steals credentials from different browsers, takes screenshots, and monitors and logs keystrokes. It can also download and execute files according to the orders received from its C&C.

Guloader

Guloader is a downloader that has been widely used since December 2019. When it first appeared, GuLoader was used to download Parallax RAT. It has also been used to deliver other remote access trojans and infostealers such as Netwire, FormBook, and Agent Tesla.

Lokibot

First identified in February 2016, LokiBot is a commodity infostealer with versions for Windows and Android operating systems. It collects credentials from a variety of applications, web browsers, email clients, IT administration tools like PuTTY and more. LokiBot is sold on hacking forums and its source code is believed to have been leaked, thus allowing numerous variants to appear. Since late 2017, some Android versions of LokiBot include ransomware capabilities in addition to their information-stealing capabilities.

What are the main cyber threats in Italy

Emotet

Emotet is an advanced modular trojan capable of self-propagation. Once used as a banking trojan, it has recently become a distribution vehicle for other malware or attack campaigns. It uses multiple methods to maintain persistence and multiple evasion techniques to stay undetected. It can also spread through phishing emails containing dangerous attachments or links.

XMRig

XMRig is an open-source CPU mining software used for mining the Monero cryptocurrency. Threat actors often abuse this open-source software by integrating it into their malware to conduct illegal mining on victim devices.

Ursnif

Ursnif is a variant of the Gozi banking trojan for Windows, whose source code was leaked online. It has man-in-the-browser capabilities to steal banking information and credentials for popular online services. Furthermore, it is capable of stealing information from local email clients, browsers and cryptocurrency wallets. Finally, it can download and execute additional files on the infected system.

Cyber threats in Italy, what are the main ones and what they do

Remcos

Remcos is a RAT that first appeared in 2016. It is spread through malicious Microsoft Office documents attached to spam emails, and is designed to bypass Microsoft Windows UAC protection and run malware with high-level privileges.

XLoader

XLoader is an Android spyware and banking trojan developed by the Yanbian Gang, a group of Chinese hackers. This malware uses DNS spoofing to distribute infected Android applications and collect personal and financial information.
