December 2018’s Most Wanted Malware: Where there’s SmokeLoader, there’s Fire

Discussion in 'malware problems & news' started by guest, Jan 14, 2019.

  1. guest

    guest Guest

    December 2018’s Most Wanted Malware: Where there’s SmokeLoader, there’s Fire
    January 14, 2019
    https://blog.checkpoint.com/2019/01...alware-smokeloader-crypto-malware-ransomware/
    December 2018’s Top 10 ‘Most Wanted’:

    *The arrows relate to the change in rank compared to the previous month.
    1. ↔ Coinhive – Cryptominer designed to perform online mining of Monero cryptocurrency when a user visits a web page without the user’s knowledge or approval, and without sharing the profits with the user. The implanted JavaScript uses great computational resources of the end users to mine coins and might crash the system.
    2. ↑ XMRig – Open-source CPU mining software used for the mining process of the Monero cryptocurrency, and first seen in the wild in May 2017.
    3. ↑ Jsecoin – JavaScript miner that can be embedded in websites. With JSEcoin, you can run the miner directly in your browser in exchange for an ad-free experience, in-game currency and other incentives.
    4. ↓ Cryptoloot – Cryptominer, using the victim’s CPU or GPU power and existing resources for cryptomining – adding transactions to the blockchain and releasing new currency. It is a competitor to Coinhive, trying to pull the rug out from under it by asking for a smaller percentage of revenue from websites.
    5. ↑ Emotet – Advanced, self-propagating and modular Trojan. Emotet was once employed as a banking Trojan, and recently has been used as a distributor of other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.
    6. ↑ Nivdort – Multipurpose bot, also known as Bayrob, that is used to collect passwords, modify system settings and download additional malware. It is usually spread via spam emails with the recipient address encoded in the binary, thus making each file unique.
    7. ↓ Dorkbot – IRC-based Worm designed to allow remote code execution by its operator, as well as the download of additional malware to the infected system.
    8. ↑ Ramnit – Banking Trojan that steals banking credentials, FTP passwords, session cookies and personal data.
    9. ↑ Smokeloader – Second-stage downloader for Windows which is used to download other malware or other plugins. Smokeloader uses various anti-analysis tricks that are used for deception and self-protection. Smokeloader is commonly used to load a lot of known families, including the Trickbot trojan, Azorult infostealer and Panda banker.
    10. ↑ Authedmine – A version of the infamous JavaScript miner CoinHive. Similarly to CoinHive, Authedmine is a web-based crypto miner used to perform online mining of Monero cryptocurrency when a user visits a web page without the user’s knowledge or approval, and without sharing the profits with the user. However, unlike CoinHive, Authedmine is designed to require the website user’s explicit consent before running the mining script.
     
  2. guest

    guest Guest

    SmokeLoader campaign distributes new Laplas Clipper malware
    By Pierluigi Paganini - November 8, 2022
    Cyble: New Laplas Clipper Distributed Via SmokeLoader
     