Dangerous attachments, fake apps. How PCs and mobiles are most often infected

According to the anti-virus company Eset, the Agent Tesla malware has topped the statistics of the most widespread threats for a long time. It is a typical representative of spy malware, so-called spyware, which focuses on stealing passwords.

Recently, this uninvited visitor has spread most often through spam e-mails. In the past month these were messages carrying the attachment “RFQ_C3682402292141.exe” and, in smaller numbers, the attachments “Poptavka 00413_pdf.exe” or “thank you letter.docx.exe”.

The .EXE extension of an executable file should itself be the main warning sign for users: they should not click on the attachment at all and should instead delete the e-mail immediately.

The dreaded RAT virus

The same applies to the other viruses that attacked the Windows platform. In the past month, for example, second place went to Formbook, which was distributed in an attachment named “RFQ RT1120 #10324.exe”. On a compromised machine this uninvited visitor can do the same mischief as Agent Tesla; it also belongs to the category of spy viruses that focus on stealing passwords.

The trio of the most widespread Windows threats is rounded off by the AsyncRAT Trojan horse. It belongs to the category of so-called RAT viruses. The name is quite apt: the abbreviation stands for “remote administration tool”, which probably best describes how these malicious codes behave in practice.

It is the range of functions available to attackers that makes this uninvited visitor so dangerous.

In the past month, it was most often spread through the attachment “RFQ RT1120 #10324.exe”.

How viruses are most often spread on Windows

Name of the e-mail attachment    Type of malware
Poptavka 00413_pdf.exe           Agent Tesla
RFQ_C3682402292141.exe           Agent Tesla
RFQ RT1120 #10324.exe            Formbook
RFQ RT1120 #10324.exe            AsyncRAT
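The warning about the .EXE extension, applied to the attachment names quoted in this article as an added example (not part of the original article or of Eset's tooling): a small gateway-style check that flags executable extensions, double extensions such as “.docx.exe”, and document types spelled into the file name such as “_pdf.exe”. The extension lists are assumptions and deliberately short.

```python
import re

# Extensions Windows runs directly when double-clicked (constructed list, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "msi"}
# Document extensions attackers place in front of the real one ("letter.docx.exe").
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt"}
DOC_IN_STEM = re.compile(r"_(" + "|".join(sorted(DOCUMENT_EXTS)) + r")$")


def classify_attachment(name: str) -> list[str]:
    """Return the reasons a mail gateway should quarantine this attachment ([] = none)."""
    reasons = []
    parts = name.lower().split(".")
    if len(parts) < 2:
        return reasons                      # no extension at all, nothing to judge here
    stem, ext = parts[:-1], parts[-1]
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{ext}")
        # "thank you letter.docx.exe": a document extension hidden before the real one
        if stem[-1] in DOCUMENT_EXTS:
            reasons.append(f"double extension disguised as .{stem[-1]}")
        # "Poptavka 00413_pdf.exe": a document type spelled into the stem after '_'
        elif DOC_IN_STEM.search(stem[-1]):
            reasons.append("document type spelled into the file name")
    return reasons


def quarantine_report(names: list[str]) -> dict[str, list[str]]:
    """Map each suspicious attachment name to its reasons; clean names are left out."""
    return {n: r for n in names if (r := classify_attachment(n))}


# Attachment names quoted in the article, plus one harmless control (constructed).
SAMPLE_ATTACHMENTS = [
    "RFQ_C3682402292141.exe",
    "Poptavka 00413_pdf.exe",
    "thank you letter.docx.exe",
    "RFQ RT1120 #10324.exe",
    "quarterly_report.pdf",
]

if __name__ == "__main__":
    for name, reasons in quarantine_report(SAMPLE_ATTACHMENTS).items():
        print(f"{name}: {'; '.join(reasons)}")
```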

Threats also affect Android

The situation is different on the Android mobile platform. On Google’s system, malware is most often spread not through unsolicited e-mails but bundled with fake applications. For example, the Andreed adware, the single most widespread threat in the past month, was hidden in the fake game Interstellar Pilot 2.

“It continues to be the case that downloading outside of official stores and distribution points today is practically always a guarantee that we will download malicious code in addition to the game or various tools,” warned Martin Jirkal, head of the analytical team at Eset’s Prague branch.

Andreed is malicious code of the adware type. The attackers therefore do not try to steal any sensitive data with it; instead, they display excessive advertising on the attacked device and profit from it. Adware attacks are not as devastating as extortion (ransomware) viruses or similarly insidious malicious codes, but they can still make using a phone or tablet very unpleasant.

Banking malware

Second place belongs to the Agent.HQS dropper, which most often posed as pirated copies of the MX Player or Ultimate USB applications. Droppers have only one task on the attacked device: to install additional malicious code on it. In essence, they open a back door into the attacked system for the attackers.

The Cerberus banking malware, which ranks third in the Android virus statistics, did not spread through one specific application but used a whole range of fake versions of racing games.

This uninvited visitor has only one task: to hook into mobile applications and rob its victims of money. It has several dangerous functions that serve this purpose. One module can read credentials from legitimate bank websites and send them to the attackers. Other functions read SMS codes and bypass two-step verification, including Google Authenticator.

How viruses spread most often on Android

Fake app                          Type of malware
Interstellar Pilot 2              Andreed
Ultimate USB                      Agent.HQS
MX Player                         Agent.HQS
fake versions of racing games     Cerberus
