"3 Malware Loaders Detected in 80% of Attacks: Security Firm"

According to security researchers at ReliaQuest, QakBot, SocGholish, and Raspberry Robin are the three most popular malware loaders among cybercriminals, accounting for 80% of the observed attacks. The researchers noted that from January 1 to July 31, 2023, QakBot was responsible for 30% of the observed incidents, SocGholish for 27%, and Raspberry Robin for 23%. The researchers stated that not all observed incidents resulted in network compromise, as the loader was detected and stopped before it could cause problems. QakBot has been active since 2009 and was initially a banking trojan, but it later evolved into a malware loader that can deploy additional payloads, steal sensitive information, and enable lateral movement. SocGholish has been active since at least 2018 and is deployed via drive-by downloads, using a wide network of compromised websites offering fake updates. The researchers noted that during the first half of 2023, SocGholish's operators were observed conducting aggressive watering hole attacks, leveraging the compromised websites of large organizations. Raspberry Robin, a Windows worm initially observed in September 2021, mainly spreads via removable devices, such as USB drives, and has been linked to various threat actors, including Evil Corp and Silence. The researchers noted that in addition to these three loaders, Gootloader, Chromeloader, Guloader, and Ursnif were also highly active during the first seven months of the year.

 

SecurityWeek reports: "3 Malware Loaders Detected in 80% of Attacks: Security Firm"

Submitted by Anonymous on