
Top 10 Malware Currently Infecting Users Worldwide

Crypto mining has proven to be one of the major threats of 2017, and the trend looks set to continue in 2018. Cryptocurrency miners’ impact on user machines is quite destructive.

Researchers found that miners such as the Coinhive Monero miner can use up to 65% of CPU. In addition, recently published statistics show that 2,531 of the top 3 million websites are running the Coinhive miner, which amounts to 1 in 1,000 websites.

Crypto miners are not the only threat out there. Malware campaigns such as RoughTed and ransomware such as Locky continue to be prevalent. That being said, Check Point researchers have gathered intelligence on the top 10 malware threats invading users worldwide from September up to now.

1. RoughTed

RoughTed is a large-scale malvertising campaign which saw a peak in March this year but has been active for more than a year. Both Windows and Mac operating systems are targeted, as well as iOS and Android. The operation is quite rare in its comprehensiveness, having used a variety of malicious approaches, from exploit kits to online scams such as fake tech support scams, fake updates, rogue browser extensions, and so on.

2. Locky Ransomware

Locky ransomware has been around since February 2016, and during this period several iterations appending different extensions have appeared. The ransomware mainly spreads via spam emails which contain a downloader disguised as a Word or Zip attachment. The ransomware’s latest iteration is the so-called .asasin file virus, which appends the .Asasin extension to all encrypted files.


3. Seamless

Seamless is a Traffic Distribution System (TDS), which operates by silently redirecting the victim to a malicious web page, leading to infection by an exploit kit. Successful infection will allow the attacker to download additional malware onto the target, Check Point researchers said.

More specifically, the Seamless campaign, which has been active since February 2017 or earlier, has been using the Ramnit Trojan as a payload. However, in many cases the Ramnit payloads would be set to download additional malware on infected machines.

4. Conficker

Despite its lengthy life-span, this infamous worm continues to infect computers. The worm enables cybercriminals to operate remotely and to download malware. Infected machines are controlled by a botnet.

5. Zeus Trojan

The Zeus Trojan is still spread on a large scale via the RIG Exploit Kit. The new version, dubbed “Chthonic”, first emerged a couple of years ago, when it hit 150 banks all over the world. This activity is still ongoing.

6. CoinHive

Coinhive was created in September 2017. The software allows Monero mining directly within a browser. As explained by the developers of the software, Coinhive offers a JavaScript miner for the Monero Blockchain that can be embedded in a website. Users of the website run the miner directly in their browser and mine XMR for the website owner in return for an ad-free experience, in-game currency or whatever incentives you can come up with.
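Because the miner is a script embedded in the page, a site owner or defender can check HTML for it. The Python scanner below is an added example, not code from the original article or from Coinhive; the library URL pattern and the `CoinHive.Anonymous` / `throttle` names are taken from Coinhive's published embed snippet rather than from this page, and the sample HTML is constructed.

```python
import re
from html.parser import HTMLParser

# Indicators assumed from Coinhive's public embed snippet (not from the article).
LIB_SRC = re.compile(r"coinhive\.com/lib/|coinhive(\.min)?\.js", re.I)
CTOR = re.compile(r"new\s+CoinHive\.(Anonymous|User|Token)\s*\(\s*['\"]([^'\"]+)['\"]")
THROTTLE = re.compile(r"throttle\s*:\s*(\d*\.?\d+)")

# Constructed sample page: one real embed plus visible text that merely quotes the API.
SAMPLE = """<html><head>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('EXAMPLE_SITE_KEY', {throttle: 0.35});
  miner.start();
</script></head>
<body><p>An article quoting new CoinHive.Anonymous('not-code') is not a finding.</p>
</body></html>"""

class MinerScan(HTMLParser):
    """Reports miner library loads and miner instantiation inside <script> only."""
    def __init__(self):
        super().__init__()
        self.in_script, self.buf, self.findings = False, [], []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self.in_script, self.buf = True, []
        src = dict(attrs).get("src") or ""
        if LIB_SRC.search(src):
            self.findings.append({"type": "library", "src": src})

    def handle_data(self, data):
        if self.in_script:            # script bodies can arrive in several chunks
            self.buf.append(data)

    def handle_endtag(self, tag):
        if tag != "script" or not self.in_script:
            return
        text, self.in_script = "".join(self.buf), False
        t = THROTTLE.search(text)     # fraction of time the miner threads stay idle
        for m in CTOR.finditer(text):
            self.findings.append({"type": "miner", "api": m.group(1),
                                  "site_key": m.group(2),
                                  "throttle": float(t.group(1)) if t else None})

def scan_html(html):
    parser = MinerScan()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Matching only inside `<script>` elements keeps pages that discuss the miner in visible text from being flagged.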


7. Ramnit

The famous banking Trojan designed to steal banking credentials, FTP passwords, session cookies and personal details is still active in the wild.

8. Fireball

According to Check Point researchers, Fireball has been developed by Rafotech, a Chinese digital marketing company.

It has been designed to hijack the victim’s browser, replacing the search engine with a fake one and setting its own homepage. In addition to this typical browser hijacking behavior, Fireball is also capable of downloading other malware, bypassing anti-malware detection and using command-and-control techniques.

9. Pushdo

Pushdo is a Trojan that infects a system and then downloads the Cutwail spam module onto it. The latter can be leveraged to download third-party malware.

10. Andromeda

Andromeda is a modular botnet often deployed as a backdoor to distribute additional malware. It can also be modified to create various types of botnets.

Keep in mind that the malware pieces listed above are currently active in the wild, meaning that strong anti-malware protection is needed on every system to avoid infections.



Milena Dimitrova
