India sees sharp rise in malware attacks in first half of 2023: Report

India has seen a sharp increase in the number of malware attacks in the first six months of 2023, a month-on-month spike in the number of attacks, according to a report published on Tuesday by cyber security firm Checkpoint. The researchers, while digging on the top malware for the month of June, said that healthcare, education and research, utilities, insurance and government occupying the top five spots as the most exploited industries in the country.

Checkpoint researchers also said that Qbot, a banking Trojan has been touted as the most prevalent malware in first half of 2023, with 12.29% of organisations in India were hit by this malware in the month of June, much higher than the global average of 7%.

Qbot, which initially emerged in 2008 as a banking Trojan, has undergone consistent development, acquiring additional functionalities for the purpose of stealing passwords, emails, and credit card details. It is commonly propagated through spam emails and its primary role is to act as a loader for other malware and establish a presence within targeted organisations, serving as a stepping stone for ransomware group operators.

XMRig, an open-source CPU mining software used to mine the Monero cryptocurrency also hit 7.32% of Indian organisations as against 2.43% businesses globally. Threat actors often abuse this open-source software by integrating it into their malware to conduct illegal mining on victim’s devices, the study said.      

Another malware that made its way to the top of the malware list for the first time, after being detected last month is the mobile Trojan SpinOk, a trojanized software development kit (SDK). The ransomware hit the headlines following a zero-day vulnerability in file sharing software, MOVEIt.

The mobile malware has so far amassed 421 million downloads, researchers said, adding that, SpinOk is used by numerous popular apps for marketing purposes, this malicious software has infiltrated highly popular apps and games, some of which were available on the Google Play Store.

Other malware families including Phorpiex, Emotet, Formbook, AsyncRat and Mirai, among others, also struck India with a much higher impact than the global average.

In its ‘CyberArk 2023 Identity Security Threat Landscape Report’ published earlier in June, the cyber security company said that nine out of 10 Indian organisations have already experienced a ransomware attack in the last one year, with 61% anticipating AI-enabled attacks to strike in 2023.