According to experts in Checkpoint, a cybersecurity firm, the following are the Top 3 Malware in Kenya and Nigeria:
Kenya
1. Sality – Family of file infectors spread by infecting .exe and .scr files and via removable drives and network shares. Systems infected with Sality can communicate over a peer-to-peer (P2P) network for spamming purposes, proxying of communications, and to compromise web servers, exfiltrate sensitive data and coordinate distributed computing tasks to process intensive tasks.
2. Necurs – Botnet used to distribute many malware variants, mostly banking trojans and ransomware. It usually spreads malware based on massive spam campaigns, with zip attachments containing malicious JavaScript code.
Tekedia Mini-MBA edition 14 (June 3 – Sept 2, 2024) begins registrations; get massive discounts with early registration here.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
3. Hiddad – Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is displaying ads, however it is also able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data.
Nigeria
1. Virut – Botnet and malware distributor used in DDoS attacks, spam distribution, data theft and fraud. The malware is spread through infected devices such as USB sticks as well as compromised websites and files.
2. Sality – Family of file infectors spread by infecting .exe and .scr files and via removable drives and network shares. Systems infected with Sality can communicate over a peer-to-peer (P2P) network for spamming purposes, proxying of communications, and to compromise web servers, exfiltrate sensitive data and coordinate distributed computing tasks to process intensive tasks.
3. Gamarue – Modular bot with a loader which downloads additional modules from its C&C server. The loader has both anti-VM and anti-debug features. It injects into trusted processes to hide itself and then deletes the original bot. Infected machines can be harvested for financial credentials and also become part of a large botnet. Gamarue spreads by infecting removable drives such as USB drives or portable hard disks.
The data is from Check Point which maintains a ThreatCloud Map which is powered by Check Point’s ThreatCloud intelligence, a collaborative network to fight cybercrime which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analysed for bot discovery, more than 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.