Thursday, December 5, 2024
No menu items!

Rig Makes List of ‘Most Wanted’ Malware in Africa

Must Read
After several months in decline, Exploit kit infections show sharp uplift and deliver a variety of threats, says Check Point. (Image source: Business Advice UK)
After several months in decline, Exploit kit infections show sharp uplift and deliver a variety of threats, says Check Point. (Image source: Business Advice UK)

Check Point Software Technologies has taken note of an increase in Exploit Kit usage by cybercriminals worldwide, with Rig making its way onto the list of top ten threats in Kenya and Nigeria according to the company’s March Global Threat Impact Index.

Rig delivers exploits for Flash, Java, Silverlight and Internet Explorer. The infection chain starts with a redirection to a landing page that contains JavaScript, which then checks for vulnerable plug-ins and delivers the exploit. Terror was first detected at the start of December 2016 and contained eight different operational exploits. Both Rig and Terror have been witnessed delivering a wide variety of threats, from ransomware and banking Trojans to spambots and BitCoin miners.


Exploit Kits, which are designed to discover and exploit vulnerabilities on machines in order to download and execute further malicious code, have been in decline since a high point in May 2016, following the demise of the leading Angler and Nuclear variants. However, March saw the Rig EK surge up the rankings, being the second most-used malware worldwide throughout the period. The Terror Exploit Kit also increased dramatically in usage in March and was just one place from making it into the monthly top ten list.

Ransomware proved one of the most profitable tools at cybercriminals’ disposal throughout 2016, and with popular Exploit Kits now being used to deliver it, the threat shows no sign of dying down. The fact that three African countries, including Zambia, Malawi and Uganda, are still in the top ten of Check Point’s Threat Index, which measures risk by country, is even greater cause for concern.

March 2017’s Top 3 ‘Most Wanted’ Malware in Kenya:

1. Sality – Family of file infectors spread by infecting .exe and .scr files and via removable drives and network shares. Systems infected with Sality can communicate over a peer-to-peer (P2P) network for spamming purposes, proxying of communications, and to compromise web servers, exfiltrate sensitive data and coordinate distributed computing tasks to process intensive tasks.

2. Necurs – Botnet used to distribute many malware variants, mostly banking trojans and ransomware. It usually spreads malware based on massive spam campaigns, with zip attachments containing malicious JavaScript code.

3. Hiddad – Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is displaying ads, however, it is also able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data.

March 2017’s Top 3 ‘Most Wanted’ Malware in Nigeria:

1. Virut – Botnet and malware distributor used in DDoS attacks, spam distribution, data theft and fraud. The malware is spread through infected devices such as USB sticks as well as compromised websites and files.

2. Sality – Family of file infectors spread by infecting .exe and .scr files and via removable drives and network shares. Systems infected with Sality can communicate over a peer-to-peer (P2P) network for spamming purposes, proxying of communications, and to compromise web servers, exfiltrate sensitive data and coordinate distributed computing tasks to process intensive tasks.

3. Gamarue – Modular bot with a loader which downloads additional modules from its C&C server. The loader has both anti-VM and anti-debug features. It injects into trusted processes to hide itself and then deletes the original bot. Infected machines can be harvested for financial credentials and also become part of a large botnet. Gamarue spreads by infecting removable drives such as USB drives or portable hard disks.

Rick Rogers, Area Manager for East and West Africa at Check Point Software Technologies commented: “The dramatic resurgence of Exploit Kits in March illustrates that older threats don’t disappear forever – they simply go dormant and can be quickly redeployed. It is always easier for malicious hackers to revisit and amend existing malware families and threat types rather than develop brand new ones, and Exploit Kits are a particularly flexible and adaptable threat type. To deal with the threat from Rig, Terror and other Exploit Kits, organisations need to deploy advanced security systems across the entire network, such as Check Point’s SandBlast™ Zero-Day Protection and Mobile Threat Prevention.”

Staff Writer

- Advertisement -

How Fintech is Changing: Insights from Clinton Leask of Pay@

With today’s modern consumer demands, brands know that every touchpoint in the consumer journey is critically important. This is...
Latest News
- Advertisement -

More Articles Like This

- Advertisement -