An updated variant of the Valak malware family earned a place on a security firm’s “most wanted malware” list for the first time.
Check Point revealed that an updated version of Valak ranked as the ninth most prevalent malware in its Global Threat Index for September 2020.
First detected back in 2019, Valak garnered the attention of Cybereason in May 2020 for its ability to function beyond a malware loader and independently operate as an information stealer.
That was just a month before SentinelOne observed Valak using “clientgrabber,” a plugin which enabled the malware to steal email credentials from the registry. The security firm also noted that it had seen some connections between the Gozi ConfCrew and Valak.
At the beginning of July 2020, Cisco Talos revealed that it had witnessed Valak using stolen email threads and password-protected .ZIP archives to target organizations in the financial, manufacturing, health care and insurance sectors.
September 2020 marked the third successive month of Emotet’s run at the top of Check Point’s Global Threat Index. Meanwhile, the Qbot trojan rose from 10th place to 6th place that same month.
Check Point urged organizations to actively respond to these developments by safeguarding their information. As quoted in a blog post:
These new campaigns spreading Valak are another example of how threat actors look to maximize their investments in established, proven forms of malware. Together with the updated versions of Qbot which emerged in August, Valak is intended to enable data and credentials theft at scale from organizations and individuals. Businesses should look at deploying anti-malware solutions that can prevent such content reaching end-users, and advise their employees to be cautious when opening emails, even when they appear to be from a trusted source.
Towards those ends, organizations can use Tripwire File Analyzer to evaluate suspicious files in quarantined environments and receive detailed reports about relevant system changes. They can also use these tips to educate their employees about the dangers of phishing attacks.