ReliaQuest reveals top malware threats in 2024 Q2 analysis
ReliaQuest has published an analysis of the top five malware variants it observed during the second quarter of 2024. The identified malware includes LummaC2, Rust-based info stealers, SocGholish, AsyncRAT, and Oyster.
LummaC2, first advertised on cybercriminal forums in December 2022 by a vendor known as Shamel, is an information-stealing malware targeting Windows operating systems. The malware can extract data from multiple browser types. According to ReliaQuest's data, there has been a significant increase in LummaC2 activity: GreyMatter Digital Risk Protection (DRP) detected more than 21,000 listings involving LummaC2 on the Russian Market between April and July 2024. This represents a 51.9% increase from the first quarter of 2024 and a 71.7% rise compared to the second quarter of 2023.
Another significant trend observed during this period was the rise of Rust-based info stealers. Variants like Fickle Stealer and Rusty Stealer are noteworthy. ReliaQuest reported a nearly 3000% increase in cybercriminal forum posts discussing stealer malware written in Rust from 2022 to August 2024.
SocGholish, also known as FakeUpdates, is a remote access trojan (RAT) that masquerades as a browser update to deceive users into downloading and executing it. SocGholish was the most frequently observed malware in critical customer incidents throughout 2023 and has remained prevalent in 2024. In July 2024, security researchers noted that SocGholish was being used to give RansomHub, a ransomware-as-a-service (RaaS) group that recruits affiliates, initial access to victims.
AsyncRAT, which has been active since 2018, is another significant malware noted in ReliaQuest's report. It is a sophisticated RAT intended to facilitate remote monitoring and control of computers through a secure, encrypted connection. AsyncRAT ranks as the third most prevalent malware in critical customer incidents for the second quarter of 2024, following SocGholish and LummaC2.
The fifth malware identified is Oyster, also known as Broomstick or CleanUpLoader. It was first identified in September 2023 and is delivered through fake websites claiming to host legitimate software. Oyster is associated with the Russia-linked threat group Wizard Spider, which is also responsible for the TrickBot malware. The increasing mentions of Oyster in cybersecurity reports during 2024 and its first appearance in ReliaQuest's critical incidents in the second quarter of 2024 suggest its growing popularity and indicate that Oyster will likely become more widespread over the next several months to a year.
This analysis by ReliaQuest highlights the evolving nature of cybersecurity threats and the growing sophistication of malware variants. The data underscores the importance of staying vigilant and continuously updating cybersecurity measures to safeguard systems against these persistent and emergent threats.