Cybersecurity Agencies Reveal Top Malware Strains of 2021

The Cybersecurity Advisory (CSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory highlighting the top malware strains of 2021 on August 4, 2022. The report was grouped under the Alert (AA22-216A) on the CISA website.

The joint report provided the malware names, descriptions, and advisory protocols for the malware variants seen in 2021. The report also shared mitigations companies can opt to protect themselves against malware attacks.

CISA and ACSC reveal the top malware strains of 2021

According to the report, throughout the course of the previous five years, numerous malware strains spread into multiple iterations of harmful programs. The top strains include remote access Trojans (RATs), ransomware, banking Trojans, and more.

These malware programs are highly profitable for cybercriminals, who use them to extract sensitive information from public and private domains. The report listed these 11 malware strains of 2021 along with their type, active Year, and delivery method.

Agent Tesla

Agent Tesla has been active since 2014 and is a RAT-type malware. It steals data from web browsers, File Transfer Protocol (FTP) servers, and mail clients. It is usually delivered through a phishing email as a malicious attachment.

NanoCore

This is another RAT-type malware used for stealing passwords and emails. It has been active since 2013 and is a serious threat to computers. This malware can activate the victim’s webcams and can be delivered through emails, ISO disk images, ZIP files, and PDFs.

AZORult

The Trojan-type malware can steal sensitive information and has been a go-to product sold on underground hacker forums. AZORult has been active since 2016 and can be delivered through phishing, exploit kits, and dropper malware.

FormBook

Known for stealing passwords, FormBook, a Trojan-type malware, has been active since 2016 and primarily popularized through advertisements in hacking forums. It can be delivered to victims’ systems using phishing emails.

LokiBot

With multiple aliases, like Lokibot, Loki PWS, and Loki-bot, this Trojan-type malware steals sensitive information, including user’s website credentials, cryptocurrency wallet logins, and more. LokiBot has been known since 2015 and is actively involved in phishing attacks.

MOUSEISLAND

The Macro downloader-type malware is usually found embedded within the macros of a Word file. Known for being a young malware in its initial phase, MOUSEISLAND has been active since 2019, and the only known source for distribution is an email attachment.

Qakbot

Previously known as the banking Trojan, Qakbot has evolved over the years and is now capable of moving and exfiltrating data with its most potent point of delivering payloads. It has been active since 2007 and can be provided to victim’s systems through various methods, including hyperlinks, email attachments, and embedded images.

Remcos

Initially reserved as a legitimate tool to manage penetration testing remotely, Remcos was used as a RAT-type malware in mass phishing champions to steal sensitive data and login credentials during the COVID-19 pandemic. Though it has been used as a pen test since 2016, several hacker groups have used it in phishing attacks via gaining administrator privileges and bypassing antivirus programs.

TrickBot

This is another Trojan-type malware that has been active since 2016. It can form botnets and enable access points for Conti ransomware or Ryuk banking trojans. TrickBot previously targeted the Healthcare and Public Health (HPH) Sector in 2020. This malware builds up inside a system using a simple email hyperlink as the entry point.

GootLoader

CISA and ACSC listed GootLoader as the last malware in the “Top malware strains of 2021” report. Known for being associated with the GootKit malware since 2020, this Loader-type malware is capable of leveraging search engine poisoning. It can rank a website on search engines and even inject malicious codes and downloadable files on compromised websites already ranking higher.

Mitigations for handling malware attacks

In the “Top malware strains of 2021” report by CISA and ACSC, the joint advisory recommended organizations improve their cybersecurity posture. Based on several factors, information, and adversary tactics, CISA and ACSC urged companies to follow these five mitigation steps to protect themselves against malware attacks.

1. Updating software on operating systems, firmware, applications, and IT assets.
2. Enforce MFA (Multi-factor authentication) across the accounts.
3. Secure and monitor (Remote Desktop Protocol).
4. Make offline backs of data at regular intervals.
5. Provide end-user awareness and training for employees.