ESET Threat Report T2 2022
THREAT REPORT T2 2022
WeLiveSecurity.com
@ESETresearch
ESET GitHub
CONTENTS
EXECUTIVE SUMMARY
FEATURED STORY
NEWS FROM THE LAB
STATISTICS & TRENDS
THREAT LANDSCAPE OVERVIEW
TOP 10 MALWARE DETECTIONS
INFOSTEALERS
RANSOMWARE
DOWNLOADERS
CRYPTOCURRENCY THREATS
WEB THREATS
EMAIL THREATS
ANDROID
macOS AND iOS
IoT SECURITY
EXPLOITS
ESET RESEARCH CONTRIBUTIONS
FOREWORD
Welcome to the T2 2022 issue of the ESET Threat Report!
The past four months were the time of summer vacations for many of us in the northern hemisphere. It
appears that some malware operators also took this time as an opportunity to possibly rest, refocus, and
reanalyze their current procedures and activities. According to our telemetry, August was a vacation month
for the operators of Emotet, the most influential downloader strain. The gang behind it also adapted to
Microsoft’s decision to disable VBA macros in documents originating from the internet and focused on
campaigns based on weaponized Microsoft Office files and LNK files.
In T2 2022, we saw the continuation of the sharp decline of Remote Desktop Protocol (RDP) attacks, …
IoC