Top Malware Strains and How to Mitigate Them
- by Justice Levine

2022 was a year of seismic events, including the Russian invasion of Ukraine, economic downturns and the continuing pandemic. These events hit global businesses that were, at the same time, contending with a steady stream of cybersecurity threats.
The threat landscape was dominated by several high-profile campaigns, including widespread exploitation of Follina (CVE-2022-30190) and Log4Shell (CVE-2021-44228). They show how quickly threat actors weaponize newly disclosed vulnerabilities, often within days of publication. In a joint advisory, the US Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) named the 11 malware strains they observed most frequently. Most of these families have been in circulation for more than five years, some for over a decade, and they span banking trojans, information stealers, remote access trojans (RATs) and loaders. This article discusses each strain, how it is typically delivered to a business, and tips for minimizing the risk.
Top Malware Strains
Malware is software written to compromise a system, steal data or give an attacker control over it. The 11 strains named in the advisory are:
Agent Tesla
Agent Tesla is a Remote Access Trojan (RAT) and information stealer sold as malware-as-a-service, usually delivered by phishing emails with malicious attachments such as Office documents, archives or disk images. It harvests saved credentials from web browsers, email clients, FTP clients and VPN software, logs keystrokes, captures screenshots and clipboard contents, and exfiltrates the data over SMTP, FTP, HTTP or Telegram. Because the operator can also push further payloads, a single infection often becomes the foothold for a wider intrusion.
AZORult
AZORult is an information stealer rather than a RAT, sold on underground forums and typically delivered by spam emails with malicious attachments, as a payload of exploit kits, or bundled with other malware. Once on a victim's computer it harvests browser passwords and cookies, cryptocurrency wallets and system information, and it can download additional malware, acting as a staging point for further attacks.
FormBook
FormBook is an information stealer and keylogger sold on underground forums as malware-as-a-service, delivered mostly by phishing emails with malicious attachments or links. It grabs data typed into web forms, logs keystrokes, takes screenshots, steals stored browser and email-client credentials and clipboard contents, and can fetch and run further payloads. Its successor, XLoader, is the same codebase under a new name. Because it is cheap and widely sold, it appears in broad opportunistic campaigns at least as often as in targeted ones.
Ursnif
Ursnif, also known as Gozi, is one of the longest-running banking Trojans; its source code leaked years ago and has spawned many variants. It is typically delivered through spam emails with malicious attachments and, historically, exploit kits. Once installed it steals banking and other login credentials by injecting into browsers, and newer variants add persistence, sandbox and virtual-machine evasion, and searches for disk-encryption software in an attempt to extract keys. It is frequently used in attacks against financial institutions and their customers.
LokiBot
LokiBot is a credential and data stealer delivered mainly by malicious email attachments, often documents that exploit old Office vulnerabilities, and by trojanized software. It harvests credentials from browsers, email and FTP clients and cryptocurrency wallets, and can download additional malware, acting as a backdoor for follow-on attacks.
MOUSEISLAND
MOUSEISLAND is a first-stage downloader rather than a RAT: it lives in the VBA macros of a Microsoft Word document sent as a phishing attachment. When the recipient enables macros, it fetches and runs the next payload, and CISA notes that it may be the initial phase of a ransomware attack. Any credential theft happens later, in whatever it downloads.
NanoCore
NanoCore is a modular RAT whose cracked builds have circulated for years. It is typically delivered by phishing emails with malicious attachments and lets the operator log keystrokes, capture the screen and webcam, steal credentials and install additional plugins or malware, turning the infected host into a backdoor for further attacks.
QakBot
QakBot, also known as QBot, began as a banking Trojan and has grown into a modular loader and botnet. It is usually delivered by spam that hijacks existing email threads so the malicious attachment or link appears inside a real conversation. Beyond stealing banking and other credentials, it performs reconnaissance, moves laterally across a network, exfiltrates data and delivers follow-on payloads, including the ransomware that several affiliate groups deploy after a QakBot infection.
Remcos
Remcos is a RAT sold commercially as a legitimate remote administration tool but widely abused, typically arriving via phishing emails with malicious attachments (Office documents, archives or ISO images). Once installed it gives the operator full interactive control: keylogging, screen and webcam capture, file transfer, command execution and the ability to drop further payloads.
TrickBot
TrickBot started as a banking Trojan in 2016 and evolved into a modular platform delivered through spam emails with malicious attachments or links, and by other malware such as Emotet. Besides stealing banking and login credentials, it harvests network information, spreads laterally, forms botnets and has served as the initial access for Ryuk and Conti ransomware.
GootLoader
GootLoader is a JavaScript-based loader associated with the older GootKit banking Trojan. Unlike most strains on this list it is not usually delivered by email: it relies on search-engine (SEO) poisoning, where compromised websites are made to rank for queries such as legal templates or business agreements and serve a ZIP archive containing a malicious .js file. Once run, it can fetch additional payloads including Cobalt Strike, banking Trojans and ransomware, and it has evolved from a simple downloader into a multi-payload platform.
In its August 2022 joint advisory (AA22-216A) on the top malware strains of 2021, CISA said, “Most of the top malware strains have been in use for more than five years with their respective code bases evolving into multiple variations. The most prolific malware users are cyber criminals, who use malware to deliver ransomware or facilitate the theft of personal and financial information."
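Nearly every strain above reaches a business as an email attachment, and for several of them (MOUSEISLAND, and the Agent Tesla lure described later in this article) the first stage is a VBA macro inside an Office document. The following Python script is an added example, not code from the article or from CISA, showing the cheap structural check a mail gateway can apply before any sandboxing: modern Office files are ZIP containers, and a VBA project is stored as a vbaProject.bin part, with a macroEnabled content type declared in [Content_Types].xml. The sample attachments are constructed in memory and contain no real macro code.

```python
import io
import zipfile

# ZIP member paths that hold the VBA project in Word, PowerPoint and Excel files.
MACRO_PARTS = {"word/vbaProject.bin", "ppt/vbaProject.bin", "xl/vbaProject.bin"}
# Extensions that advertise a macro-free document.
MACRO_FREE_EXTENSIONS = {".docx", ".pptx", ".xlsx"}


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Return a verdict for one attachment: is it an OOXML container, does it
    carry a VBA project, and does its extension claim to be macro-free while it
    does (a file worth quarantining regardless of how Office would treat it)."""
    verdict = {"filename": filename, "is_ooxml": False,
               "has_macros": False, "extension_mismatch": False}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            if "[Content_Types].xml" not in names:
                return verdict           # a ZIP, but not an Office document
            content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return verdict                   # not a ZIP container at all
    verdict["is_ooxml"] = True
    verdict["has_macros"] = bool(names & MACRO_PARTS) or "macroEnabled" in content_types
    suffix = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    verdict["extension_mismatch"] = verdict["has_macros"] and suffix in MACRO_FREE_EXTENSIONS
    return verdict


def quarantine_list(attachments: dict) -> list:
    """Names of attachments a gateway should hold for review: every OOXML file
    carrying a VBA project, whatever its extension claims."""
    return sorted(name for name, data in attachments.items()
                  if inspect_attachment(name, data)["has_macros"])


def _build_ooxml(main_part: str, content_type: str, with_macro: bool) -> bytes:
    """Construct a minimal OOXML container for the demo (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/{main_part}" ContentType="{content_type}"/></Types>')
        zf.writestr(main_part, "<document/>")
        if with_macro:
            # A real vbaProject.bin is an OLE compound file; a stub is enough here.
            zf.writestr(main_part.split("/")[0] + "/vbaProject.bin", b"\xd0\xcf\x11\xe0stub")
    return buf.getvalue()


# Constructed sample attachments: a clean report, a macro-enabled slide deck,
# a file that claims to be macro-free but carries a VBA project, and plain text.
SAMPLE_ATTACHMENTS = {
    "report.docx": _build_ooxml("word/document.xml",
        "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml", False),
    "briefing.pptm": _build_ooxml("ppt/presentation.xml",
        "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml", True),
    "invoice.docx": _build_ooxml("word/document.xml",
        "application/vnd.ms-word.document.macroEnabled.main+xml", True),
    "notes.txt": b"plain text, not a container",
}

if __name__ == "__main__":
    for name, data in SAMPLE_ATTACHMENTS.items():
        print(inspect_attachment(name, data))
    print("quarantine:", quarantine_list(SAMPLE_ATTACHMENTS))
```

Pair this check with a policy: block macro-bearing documents from external senders outright, or deliver them only after detonation in a sandbox. Office now blocks macros in files that carry the Mark of the Web by default, which is exactly why many operators moved to ISO and LNK containers that strip it, so the gateway should also open archives and disk images and apply the same inspection to what is inside.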
CISA’s Recommended Mitigations
CISA issued the following recommendations, based on known adversary tactics, techniques and procedures (TTPs), for organizations to improve their security posture:
- Update software, including operating systems, applications and firmware, and prioritize patching vulnerabilities listed in CISA's Known Exploited Vulnerabilities (KEV) catalog and critical/high-severity vulnerabilities that allow remote code execution or denial of service on internet-facing equipment.
- Consider using a centralized patch management system and vulnerability scanning to reduce exposure to threats.
- Enforce MFA to the greatest extent possible, preferring phishing-resistant methods (FIDO2/WebAuthn or smart cards) for administrators and remote access, and require strong passwords for accounts that still use them, including service accounts. Do not allow passwords to be reused across accounts or stored on a system an adversary could reach.
- Secure and monitor potentially risky services such as RDP closely; RDP exploitation is a top initial infection vector for ransomware. Limit access to resources over internal networks, in particular by restricting RDP (never expose it directly to the internet; require a VPN or gateway plus MFA) and by using virtual desktop infrastructure.
- Ensure devices are properly configured and that security features are enabled. Disable ports and protocols that are not being used for business purposes.
- Maintain offline backups of data, conduct backup procedures on a frequent, regular basis (at a minimum every 90 days), and ensure backups are isolated from network connections that could enable the spread of malware. Treat 90 days as an absolute floor: set the interval from how much data you can afford to lose (your recovery point objective), keep backups immutable, and test restoration regularly, since a backup that has never been restored is not a verified backup.
- Provide end-user awareness and training to help prevent successful targeted social engineering and spear phishing campaigns, as phishing is one of the top infection vectors for ransomware.
- Ensure employees are aware of potential cyber threats and delivery methods, and know what to do and whom to contact when they receive a suspected phishing email or suspect a cyber incident.
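The RDP item in the list above is the one most easily turned into a detection. The following Python script is an added example, not code from the article or from CISA. It runs over a handful of constructed Windows Security events (4625 failed logon and 4624 successful logon, logon type 10 = RemoteInteractive, i.e. RDP) exported as JSON lines the way a SIEM forwarder would deliver them, raises an alert when one source address accumulates five or more RDP failures inside a five-minute sliding window, and escalates when a success then follows from the same address. Timestamps, user names and addresses are invented.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625          # "An account failed to log on"
SUCCESSFUL_LOGON = 4624      # "An account was successfully logged on"
RDP_LOGON_TYPE = "10"        # RemoteInteractive (Terminal Services / RDP)

# Constructed sample: Security log events exported as JSON lines. 203.0.113.0/24
# and 198.51.100.0/24 are documentation ranges; nothing here is a real host.
SAMPLE_EVENTS = """
{"TimeCreated": "2022-11-03T08:00:05", "EventID": 4625, "LogonType": "10", "IpAddress": "203.0.113.7", "TargetUserName": "administrator"}
{"TimeCreated": "2022-11-03T08:00:09", "EventID": 4625, "LogonType": "10", "IpAddress": "203.0.113.7", "TargetUserName": "admin"}
{"TimeCreated": "2022-11-03T08:00:14", "EventID": 4625, "LogonType": "3", "IpAddress": "198.51.100.4", "TargetUserName": "svc_backup"}
{"TimeCreated": "2022-11-03T08:00:21", "EventID": 4625, "LogonType": "10", "IpAddress": "203.0.113.7", "TargetUserName": "jsmith"}
{"TimeCreated": "2022-11-03T08:00:30", "EventID": 4625, "LogonType": "10", "IpAddress": "198.51.100.4", "TargetUserName": "jsmith"}
{"TimeCreated": "2022-11-03T08:00:44", "EventID": 4625, "LogonType": "10", "IpAddress": "203.0.113.7", "TargetUserName": "helpdesk"}
{"TimeCreated": "2022-11-03T08:01:02", "EventID": 4625, "LogonType": "10", "IpAddress": "203.0.113.7", "TargetUserName": "finance"}
{"TimeCreated": "2022-11-03T08:01:15", "EventID": 4624, "LogonType": "10", "IpAddress": "10.0.0.5", "TargetUserName": "jsmith"}
{"TimeCreated": "2022-11-03T08:02:40", "EventID": 4624, "LogonType": "10", "IpAddress": "203.0.113.7", "TargetUserName": "finance"}
""".strip().splitlines()


def detect_rdp_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: alert} for addresses with `threshold` or more RDP logon
    failures inside a sliding `window`. The alert is escalated to "critical" if
    the same address later logs on successfully over RDP (a guessed password)."""
    failures = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    targets = defaultdict(set)      # ip -> user names tried (spread = password spraying)
    alerts = {}
    for line in lines:
        ev = json.loads(line)
        if ev.get("LogonType") != RDP_LOGON_TYPE:
            continue                # network and service logons are out of scope here
        ip, when = ev["IpAddress"], datetime.fromisoformat(ev["TimeCreated"])
        if ev["EventID"] == FAILED_LOGON:
            q = failures[ip]
            q.append(when)
            targets[ip].add(ev["TargetUserName"])
            while q and when - q[0] > window:
                q.popleft()         # discard failures that fell out of the window
            if len(q) >= threshold:
                alert = alerts.setdefault(ip, {"severity": "high", "failures": 0,
                                               "users": set(), "success_after": None})
                alert["failures"] = max(alert["failures"], len(q))
                alert["users"] = set(targets[ip])
        elif ev["EventID"] == SUCCESSFUL_LOGON and ip in alerts:
            alerts[ip]["severity"] = "critical"
            alerts[ip]["success_after"] = ev["TargetUserName"]
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, alert)
```

In production the same logic belongs in the SIEM's correlation rule rather than a script, and two caveats apply: when Network Level Authentication is enabled, failed RDP attempts are commonly recorded with logon type 3 rather than 10, so the rule should match both; and an alert from inside the network, as opposed to an internet-facing gateway, usually means lateral movement by malware such as QakBot or TrickBot rather than an external brute-force attempt, which changes the response.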
Increase Cloud Email Attachment and Malware Protection
By preparing yourself properly, you can significantly reduce the cost and impact of an attack. You can also reduce the chances of email threats and minimize any damage caused by implementing stronger cybersecurity best practices. Some of these practices include:
Strengthen Your Email Security Strategy
Many companies assume that endpoint security alone keeps their data safe. Endpoint protection is a necessary layer, but it acts only once a malicious attachment or link has already reached a user's machine, and it lags behind newly emerging variants until signatures and behavioural rules catch up. Businesses need additional layers in front of the endpoint, above all at the email gateway where most of the strains listed above arrive, together with people who monitor and act on what those layers report. That protection needs to adapt to new threats and provide the information and insights needed to make informed decisions.
Protect Email With Sender Authentication
Sender authentication lets a receiving mail server verify that a message really comes from the domain it claims to, which is the basis for blocking the phishing and business email compromise that impersonate your brand. It is implemented with three complementary standards: SPF, DKIM and DMARC. SPF (RFC 7208) is a DNS TXT record listing the servers allowed to send mail for a domain; the receiver checks the connecting IP against it, but only for the envelope sender (MAIL FROM), not the From: address a user sees. DKIM (RFC 6376) adds a cryptographic signature over selected headers and the body, with the public key published in DNS, so a receiver can verify that the message was not altered in transit and that a named domain stood behind it. DMARC (RFC 7489) ties both to the visible From: domain through alignment, publishes a policy (none, quarantine or reject) telling receivers what to do when neither check aligns, and provides aggregate reports so the domain owner can see who is sending mail in their name. Two practical caveats: SPF alone is defeated by forwarding and by attackers who pass SPF for their own envelope domain, so DMARC alignment is what actually protects the address users see; and a policy of p=none only monitors, so move to quarantine and then reject once all legitimate senders are covered.
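To make alignment concrete, here is an added Python example, not code from the article or from any product: a minimal SPF check for the ip4/ip6/all mechanisms, a DMARC alignment evaluator, and a handful of constructed scenarios (a spoof whose attacker-controlled envelope domain passes SPF, a third-party bulk sender authenticated only by DKIM, a forwarded message, a subdomain governed by the sp tag, and strict DKIM alignment). The DNS records, domains and authentication results are all made up; a real receiver gets the SPF and DKIM verdicts from its MTA after DNS lookups and signature verification, and a real SPF evaluator also resolves include, a and mx terms.

```python
import ipaddress

# Constructed DNS TXT records for the demo domain example.com (a reserved name).
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 include:_spf.esp-example.net -all"
DMARC_RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=r; aspf=r; rua=mailto:dmarc@example.com"

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(client_ip: str, spf_record: str) -> str:
    """Minimal SPF evaluation for ip4/ip6/all only. Mechanisms that need DNS
    (include, a, mx) are skipped here; the qualifier on 'all' decides the rest."""
    ip = ipaddress.ip_address(client_ip)
    for term in spf_record.split()[1:]:          # skip the 'v=spf1' version tag
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech in ("ip4", "ip6") and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIER_RESULT[qualifier]
        if mech == "all":
            return QUALIFIER_RESULT[qualifier]
    return "neutral"


def parse_tag_value(record: str) -> dict:
    """Parse a 'tag=value; tag=value' record (DMARC/DKIM syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def organizational_domain(domain: str) -> str:
    """Simplified organizational domain: the last two labels. Production code
    must consult the Public Suffix List (example.co.uk needs three labels)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain: str, mode: str) -> bool:
    """DMARC identifier alignment: strict ('s') needs an exact match, relaxed
    ('r') only needs the same organizational domain."""
    if not auth_domain:
        return False
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else organizational_domain(a) == organizational_domain(f)


def evaluate_dmarc(from_domain, dmarc_record, spf_result, spf_domain, dkim_result, dkim_domain):
    """Combine the MTA's SPF/DKIM results with the From: domain and the DMARC record
    published at the organizational domain; return the result and the disposition."""
    tags = parse_tag_value(dmarc_record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    passed = spf_ok or dkim_ok
    policy = tags.get("p", "none")
    if from_domain.lower().rstrip(".") != organizational_domain(from_domain) and "sp" in tags:
        policy = tags["sp"]                      # subdomain policy overrides p for subdomains
    return {"result": "pass" if passed else "fail", "spf_aligned": spf_ok,
            "dkim_aligned": dkim_ok, "disposition": "none" if passed else policy}


def demo_scenarios() -> dict:
    """Constructed cases; the SPF/DKIM inputs are what an MTA would have computed."""
    return {
        # Attacker writes From: ceo@example.com but uses their own envelope domain,
        # which genuinely passes SPF. Nothing aligns with example.com, so p=reject applies.
        "spoof": evaluate_dmarc("example.com", DMARC_RECORD,
                                spf_check("203.0.113.7", "v=spf1 ip4:203.0.113.0/24 -all"),
                                "mail.attacker-example.net", "none", None),
        # Newsletter via a provider: SPF passes for the provider's bounce domain
        # (unaligned) but the provider signs with d=example.com.
        "third_party": evaluate_dmarc("example.com", DMARC_RECORD, "pass",
                                      "bounce.esp-example.net", "pass", "example.com"),
        # Forwarded mail: the forwarder's IP fails SPF, the DKIM signature survives.
        "forwarded": evaluate_dmarc("example.com", DMARC_RECORD, "fail", "example.com",
                                    "pass", "example.com"),
        # Unauthenticated mail from a subdomain: sp, not p, decides.
        "subdomain": evaluate_dmarc("news.example.com", DMARC_RECORD, "fail",
                                    "news.example.com", "none", None),
        # Strict DKIM alignment: a signature from mail.example.com no longer counts.
        "strict": evaluate_dmarc("example.com", "v=DMARC1; p=quarantine; adkim=s",
                                 "fail", "example.com", "pass", "mail.example.com"),
    }


if __name__ == "__main__":
    for name, verdict in demo_scenarios().items():
        print(f"{name:12s} {verdict}")
```

The "spoof" case is the one that matters for the caveat above: the attacker's message passes SPF, because SPF only vouches for the envelope domain the attacker chose, and it is DMARC's alignment requirement that turns that into a reject. The "third_party" and "forwarded" cases show why DKIM signing with your own domain is what keeps legitimate mail deliverable once you move to p=reject.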
Invest in Fully-Managed Email Security Services
Fortifying business email against advanced attacks requires a fully managed email security solution with several layers of proactive protection. It must be designed against the specific threats an organization faces, provide the expertise and support needed to safeguard sensitive data, and detect and block threats in real time.
Ukraine Suffers Malware Attacks As War Continues
The cyber war between Russia and Ukraine has escalated, with Ukrainian government bodies seeing a surge in cyberattacks. One recent campaign delivered the Agent Tesla information stealer through an email carrying a JPEG thumbnail lure related to the war; the thumbnail referenced Operational Command South (OC South), the Ukrainian military formation responsible for the south of the country. When the accompanying PowerPoint file was opened and its macro enabled, the malware executed on the targeted system and harvested credentials stored by web browsers and applications such as Microsoft Outlook.
This is not the first time Ukrainian government entities have been targeted with information-stealing malware. The UAC-0041 group was previously linked to the delivery of Agent Tesla in earlier operations against Ukraine, and the latest attack follows a phishing campaign by the UAC-0056 group that delivered Cobalt Strike Beacon.
Keep Learning About Malware Strains
Although different malware strains spread and infect systems in different ways, email remains the most common delivery vector, as the strain list above shows. Because email is central to business and society, everyone is a potential target. By implementing the tips and best practices shared in this article, you can materially reduce the risk that malware poses to your business.
- Learn more about an effective email security solution that understands the relationships you have with other people while gaining a more profound knowledge of the types of conversations you have with them.
- Prepare your business for cyberattacks to make sure employees stay safe online.
- Improve your email security posture to protect against attacks and breaches by following best practices.
- Keeping the integrity of your email safe requires securing the cloud with spam filtering and enterprise-grade anti-spam services.
- Get the latest updates on how to stay safe online.