The year 2024 recorded a significant surge in cyberattacks worldwide, with major companies such as Dell and Ticketmaster suffering data breaches and infrastructure compromises. This trend is expected to continue into 2025. To prepare for the range of malware attacks ahead, every company or organization needs to know its adversary beforehand. Here are 5 malware families worth studying and anticipating.
Lumma
Lumma is an information stealer that has been sold openly on Dark Web forums since 2022. It collects and exfiltrates data from targeted applications, including login credentials, financial information, and personal details.
Lumma is regularly updated to extend its capabilities. Current builds can harvest detailed information from the compromised system, such as browsing history and cryptocurrency wallet data, and can also be used to install additional malware on the infected device. In 2024, it was distributed through a variety of methods, including fake CAPTCHA pages, torrents, and targeted phishing emails.
XWorm
XWorm is a malicious program that provides remote control access to infected computers for cybercriminals. First appearing in July 2022, this malware can collect sensitive information, including financial details, browsing history, saved passwords, and cryptocurrency wallet data.
The malware lets attackers monitor the victim's activity by logging keystrokes, capturing webcam images, recording audio input, scanning network connections, and viewing open windows. It can also read and modify the clipboard, which lets it swap in an attacker-controlled cryptocurrency wallet address and steal funds. In 2024, XWorm was involved in many large-scale campaigns, including ones that abused Cloudflare tunnels and legitimately issued digital certificates to evade detection.
AsyncRAT
AsyncRAT is a remote access trojan that first appeared in 2019. Initially it spread through spam emails, often using the COVID-19 pandemic as a lure. Since then it has become popular and has been used in a wide range of cyberattacks.
AsyncRAT has evolved into a dangerous piece of malware. Running silently, it can record the victim's screen, log keystrokes, install additional malware, steal files, disable security software, and launch DDoS attacks that flood a targeted website. Often disguised as pirated software, AsyncRAT remained a significant threat in 2024.
Remcos
Remcos is malware that has been marketed by its creator as a legitimate remote access tool. Launched in 2019, this malware has been used in various attacks to carry out a range of malicious activities, including stealing sensitive information, remotely controlling systems, logging keystrokes, and capturing screen activity.
In 2024, Remcos distribution campaigns relied on script-based attacks, often starting with a VBScript that launches a PowerShell script to deploy the malware, and on exploitation of older vulnerabilities such as CVE-2017-11882 (a memory-corruption bug in the Microsoft Office Equation Editor) delivered through malicious XML files.
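Both delivery techniques described above leave a distinctive parent/child process relationship: a Windows Script Host process (wscript.exe or cscript.exe) spawning PowerShell, and the Equation Editor binary (EQNEDT32.EXE, the process exploited by CVE-2017-11882) spawning any child at all, which it never does legitimately. The following is an added example, not code from the original article or from any vendor product, that runs that detection logic over Sysmon-style process-creation events; the event records, file paths, command lines and the `ProcEvent` type are all constructed for this illustration.

```python
# Added example: detect the Remcos delivery chains described above from
# Sysmon-style process-creation events (Event ID 1: Image, ParentImage, CommandLine).
# All sample events below are constructed for this example, not real telemetry.
import re
from dataclasses import dataclass

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Windows Script Host (VBScript / JScript)
POWERSHELL = {"powershell.exe", "pwsh.exe"}
EQUATION_EDITOR = "eqnedt32.exe"                 # CVE-2017-11882 target; has no legitimate child processes

# Idioms typical of PowerShell download/loader one-liners; their presence raises severity.
SUSPICIOUS_PS = re.compile(
    r"-e(?:nc\w*)?\b|-nop\w*|-w(?:indowstyle)?\s+hidden|-ep\s+bypass|"
    r"-executionpolicy\s+bypass|downloadstring|iex\b|invoke-expression|frombase64string",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str          # full path of the new process
    parent_image: str   # full path of the parent process
    command_line: str


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path (case-insensitive matching)."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect(events):
    """Return a list of (rule, severity, pid) tuples, one per matching event."""
    alerts = []
    for ev in events:
        child, parent = basename(ev.image), basename(ev.parent_image)

        # Rule 1: VBScript/JScript host launching PowerShell (script-based loader chain).
        if parent in SCRIPT_HOSTS and child in POWERSHELL:
            severity = "high" if SUSPICIOUS_PS.search(ev.command_line) else "medium"
            alerts.append(("script_host_spawns_powershell", severity, ev.pid))

        # Rule 2: Equation Editor spawning anything (post-exploitation of CVE-2017-11882).
        if parent == EQUATION_EDITOR:
            alerts.append(("equation_editor_child_process", "high", ev.pid))
    return alerts


PS_PATH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample events: two true positives, one benign, one lower-confidence hit.
SAMPLE_EVENTS = [
    ProcEvent(4100, PS_PATH, r"C:\Windows\System32\wscript.exe",
              "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
    ProcEvent(4120, PS_PATH, r"C:\Windows\explorer.exe",
              "powershell.exe Get-Process"),
    ProcEvent(4130, r"C:\Windows\System32\cmd.exe",
              r"C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
              r"cmd.exe /c %TEMP%\stage.bat"),
    ProcEvent(4140, PS_PATH, r"C:\Windows\System32\cscript.exe",
              r"powershell.exe -File C:\scripts\inventory.ps1"),
]

if __name__ == "__main__":
    for rule, severity, pid in detect(SAMPLE_EVENTS):
        print(f"{severity:6} pid={pid} {rule}")
```

Rule 2 fires on any child of EQNEDT32.EXE because the Equation Editor has no business launching processes; rule 1 is deliberately split into two severities because administrators do occasionally chain scripts, so the loader-style flags (`-enc`, `-w hidden`, `IEX`) are what distinguish a Remcos-style stager from routine automation.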
LockBit
LockBit is ransomware that primarily targets Windows systems. It is considered one of the biggest ransomware threats, responsible for a large number of attacks, most of them carried out by affiliates under its Ransomware-as-a-Service (RaaS) model. LockBit first appeared in 2019 and has since become one of the most active ransomware families. The group behind it is highly sophisticated and typically targets large companies, government agencies, and organizations that hold critical data. Royal Mail (UK) and National Aerospace Laboratories (India) are among the organizations that have been hit by the LockBit group's ransomware.
Law enforcement agencies have taken action against the LockBit group, including the arrest of several developers and affiliates. Despite these efforts, the group continues to operate and has announced plans to release a new version, LockBit 4.0, in 2025.
Sources:
https://thehackernews.com/2025/01/top-5-malware-threats-to-prepare.html
https://nvd.nist.gov/vuln/detail/cve-2017-11882
https://hoploninfosec.com/top-5-malware-threats-of-2025/