Gallery: 10 of the most dangerous malware threats on the internet today - TechRepublic

  • Not every malware threat makes the news

    It isn’t often that an outbreak like WannaCry hits the tech world, and when it does there’s plenty of attention devoted to killing it.

    High-profile malware doesn’t typically last that long because of the amount of attention it receives, but for every malware flavor that dies due to overexposure, countless others slip by undetected.

    You’ve probably heard of some, if not all, of the malware on this list. Most of it has been around for a while, staying alive through various incarnations thanks to the efforts of hackers. After all, why reinvent the wheel when you can just tweak code that already works?

  • 1. Hummingbad

    Hummingbad is a form of Android malware that installs a rootkit followed by fake apps. It also generates fraudulent ad revenue to the tune of over $300,000 a month at its peak.

    In 2016 Hummingbad managed to infect more than 10 million Android devices. While its infection rate has slowed since then, it’s still an active attacker, often being found in fake apps on Google Play and third-party installers.

  • 2. RoughTed

    RoughTed isn’t malware that gets installed on your system directly–it’s malvertising that operates from a variety of domains with the ultimate goal of getting you to click on a link that executes malicious code.

    Malvertising targets everyone–mobile users, Windows, and macOS are all subject to damage from false ads. RoughTed domains have been seen installing exploit kits, malware, ransomware, and other dangerous code.

    At its peak in early to mid-2017, RoughTed affected over 28% of organizations across the globe.

  • 3. Globe Imposter

    Globe Imposter is a new ransomware on the scene and is making its way around as most other ransomware does: through phishing. It mimics a ransomware called Globe, but all that matters is that the same things result from opening a contaminated email attachment: encrypted files and a demand for Bitcoins.

    Globe Imposter made a pretty big splash in August 2017, so most anti-malware software protects against it now. It’s still a threat, though, so keep training users not to open suspicious-looking emails.

  • 4. HackerDefender

    This Trojan-style malware gets onto a Windows system and makes sure it’s hard to get out. It installs backdoors, downloads and runs other malicious apps, and registers itself as a hidden system service so it’s nearly impossible to shut down.

    HackerDefender has the potential to become an open door to any network–a terrifying proposition.

  • 5. Triada

    If you’ve ever been concerned about Android malware that essentially integrates itself with a device, and all the apps on it, then you were concerned about Triada.

    This particularly dangerous Trojan starts off simple: It gets onto a device via an infected app and starts sending data to its command and control server. Then the fun begins.

    Triada infects a device’s Zygote process, the part of Android that controls the launching, running, and stopping of apps. Once there, Triada is essentially part of every app on the infected device.

    It also opens the door for the installation of other malware, and it operates from a device’s RAM, making it really difficult to detect.

  • 7. Conficker

    Conficker is a self-replicating worm that can do real damage to infected networks. Conficker itself never delivered a deadly payload, but the worm can open ports, install applications, and gain access to an infected machine to widen its capabilities.

    The worst part about Conficker is that Microsoft patched the vulnerability it used to spread (MS08-067) shortly before Conficker appeared in 2008. But in 2017 Conficker is still alive and kicking, as is MS08-067, which continues to be a commonly exploited vulnerability nearly 10 years later.

  • 8. Sality

    Sality is considered one of the harder forms of malware to fight because it does a lot of things in one package. It’s a keylogger, a worm, and a Trojan, and it can even communicate over P2P networks to send data back and forth.

    Bottom line, Sality is dangerous and has been since it first appeared in 2003.

  • 9. Fireball

    Hailing from China, Fireball has infected some 250 million machines since mid-2017. It’s a browser hijacker that generates fake ad click revenue, but that’s just for starters: It can quickly morph into a full-powered malware threat.

    Fireball’s controllers can send malware to infected machines and execute code, making it capable of turning into almost anything.

    20% of corporate networks worldwide are believed to be infected by Fireball.

  • 10. Pushdo

    If you’ve received spam email, there’s a good chance it came from a Pushdo-infected machine at some point.

    Pushdo is a spam-generating botnet that peaked at being able to send 7.7 billion spam messages a day. Every time security researchers think they’ve killed it, it pops back up with new command and control servers and variants ready to bombard you with junk mail.

Brandon Vigliarolo

Brandon is a Staff Writer for TechRepublic. He's an award-winning feature and how-to writer who previously worked as an IT professional and served as an MP in the US Army.