July 24, 2019 (updated 25 Jul 2019 9:55am)

The 10 most popular malware discussed in underground forums

By Robert Scammell

Research carried out by cybersecurity firm Recorded Future has revealed the most popular malware discussed in underground forums, shining a light on what cybercriminals are looking for to carry out their next cyberattack.

The US-headquartered firm’s research division, Insikt Group, carried out a year-long study of adverts and comments in underground forums, both on the open and dark web.

Between May 2018 and May 2019, Insikt analysed over 3.9 million posts that mentioned various strains of malware, which it defines as “operational pieces of code used to conduct illegal activity”.

Factoring in the number of mentions and the total number of replies on a thread, and using equations to give what it deemed a more accurate picture, the company found ransomware to be the most talked-about type of malware.

The second most popular type of malware is the crypter, software that encrypts malware to make it harder for security programs to detect.

In third place are Trojans, malware that is disguised as legitimate software to gain access to a device.

Here’s the full list of the 10 most popular malware (across all languages):    

  1. Ransomware
  2. Crypter
  3. Trojan
  4. WebShell
  5. Remote Access Trojan
  6. Adware
  7. Computer virus
  8. FUD crypter
  9. Exploit Kit
  10. Rootkit

Analysing the most popular malware

Recorded Future noted that these malware types “included openly available dual-use tools, open-source malware or cracked malware, showing that underground forum members are discussing and using tools readily available to them more often than paying for or inventing new tools”.

And because some of the most popular malware is over three years old, Insikt Group “assesses with medium confidence that there likely exist enough victims who do not comply with basic security precautions for forum members to successfully infect”.

There is also evidence that an increasing number of low-level cybercriminals are “developing and sharing generic ransomware on underground forums”, with roughly 50% of ransomware chatter coming from “lower-level vendors”.

Recorded Future, which was recently acquired by private equity firm Insight Partners for $780m, also looked at the most popular malware across different languages, including Russian and Chinese.

It found that njRat, SpyNote, GandCrab and DroidJack were “broadly discussed” across multiple language groups.
