The Trickbot botnet malware, which often distributes various ransomware strains, continues to be the most prevalent threat as its developers update the VNC module used for remote control over infected systems.
Its activity has been increasing constantly since the complete disruption in January of the Emotet botnet, which acted as a distributor for both Trickbot and other high-profile threat actors.
Most prevalent threat
Trickbot has been around for almost half a decade and has transitioned from a banking trojan into one of the largest botnets today, one that sells access to various threat actors.
Some of the ransomware operations using this botnet for network access include the infamous Ryuk, Conti, and REvil, as well as a new one called Diavol, Romanian for Devil.
Since Emotet’s takedown by law enforcement, Trickbot activity has increased to such levels that in May it was the most prevalent malware on Check Point’s radar.
The malware maintained its position this month, too, the cybersecurity company notes in a report today, adding that Trickbot’s maintainers are constantly working to improve it.
According to Check Point’s telemetry, Trickbot impacted 7% of organizations across the world, followed by the XMRig cryptocurrency miner and the Formbook info stealer, which affected 3% of the organizations that Check Point monitors worldwide.