Discover the top types of malware for 2023

Different types of malware have been plaguing consumers and businesses for decades. Covering a variety of threats, malware — also known as malicious soft­ware — has the ability to steal data, monitor activity via spyware, affect device and network performance or launch denial of service (DoS) attacks on unsuspecting victims.

Computer viruses, trojans, ransom­ware, worms and spyware are all considered malware. And malware is an ever-present form of cyber attack, with the most prevalent Windows threats currently being info­stealers and down­loader trojans. (According to F‑Secure’s monitoring of prevalent threats in 2022, info­stealers accounted for 69% of detected Windows threats, with down­loader trojans making up 28% of identified infections.)

Cyber criminals will continue to target information that can be used for financial gain, explained Patricia Dacuno, Senior Researcher at F‑Secure. This can be in the form of more sophisticated info­stealing trojans, or by targeting organizations. More cyber crimes will be coming as data breaches continue.

In this post we reveal some of the most prevalent and harmful types of malware in 2023, explaining how they affect users, and how you can go about spotting and avoiding them.

1. RedLine stealer is on the rise

Although not a new threat — it was first spotted in 2020 — one of the most notable and prevalent types of malware being distributed in 2023 is RedLine Stealer. It is a good example of modern malware-as-a-service, where someone creates a piece of malware and then sells it to other criminals, who can then use it for their own purposes (for as little as $100–$200 each month). And according to F‑Secure’s telemetry tracking, the spread of RedLine stealer increased by 200% during 2022.

RedLine stealer is distributed through phishing and files masquerading as legitimate soft­ware down­loads, and it focuses on collecting details such as the pass­words stored in your browser and crypto wallets.

To protect against RedLine stealer — as well as other info­stealers — you should ensure that you use a security application such as F‑Secure Total, which enables you to protect your­self against both RedLine stealer, but also the dropper that it uses to spread. And you should also use a service like F‑Secure ID Protection, which — as well as providing a simple pass­word vault and containing a strong pass­word generator — will also track your credentials across the dark web and notify you if your details have been exposed in a breach.

2. SpyNote trojan targets Android

SpyNote is a remote access trojan that targets the Android mobile operating system. First leaked onto malware forums in 2016, the source code behind SpyNote was released in October of 2022, and since this point infections have increased by more than a quarter, with SpyNote now evolving to target banking details, too.

Apparently, the author of SpyNote became frustrated by scammers impersonating him in hacker forums and published the code on GitHub, Amit Tambe, a researcher at F‑Secure said. Leaking source code of malware always spells doom for its victims, invariably leading to an infection surge.

Attackers have impersonated apps — such as Google, Alipay, and even erotic video apps — and spread them through third-party Android app sites, tricking users into down­loading and installing those apps.

The latest SpyNote variant targets banking apps, aiming to access users’ account details, and infections have steadily spread, with F‑Secure recording a rise in the number of infections of 28.5% at the beginning of the last quarter of 2022.

To avoid getting hit by types of malware such as the SpyNote trojan you should only install trusted applications from the Google Play store. And care should be taken to find out the names of real apps — especially for your banking and financial management — before down­loading similar sounding alternatives.

3. Criminals turn to OneNote as Microsoft blocks macros

Phishing attacks that target files created in Microsoft’s note-taking app, OneNote, have risen considerably in recent months, after the company changed the default behavior of Office applications to block macros in July 2022; therefore, removing one of the primary ways that cyber criminals previously got malware onto a user’s computer.

Simply put, macros are — or were — attackers’ favorite method of springing malware on victims, especially through Word and Excel. It’s easy, with high chances of returns, said Amit Tambe, a researcher at F‑Secure. With one move, Microsoft tightened the noose on attackers.

Based on F‑Secure’s upstream data, attacks using OneNote documents have increased by a factor of three since Microsoft blocked macros, whereas cases of malware being spread through types of malware targeting Word and Excel files have dwindled.

We saw a 66% drop in the number of Word documents being used from Oct 2022 to Jan 2023, Tambe said. For Excel, there has been an even more significant drop — 75%.

OneNote comes with both Windows 11 and Office 365, and whilst being popular with groups that rely on note-taking, such as students, the application is far less popular than Word or Excel.

That’s exactly why this attack is so effective, Tambe said. Most people don’t know what a .one file is. They figure they’ll just click it and find out.

To prevent infection via a OneNote file, avoid opening .one file extensions sent via email where possible. And you should always use anti­virus applications, such as F‑Secure Total, which includes real-time scanning to monitor attachments when they are accessed, blocking those that contain malware.

4. SharkBot targets bank details via Android

Android has become a popular platform for distributing malicious types of malware. And SharkBot is currently one of the most notable mobile banking trojans distributed in the Google Play Store, where it poses as different kinds of security and utility apps, like anti­virus, cleaners, or file manager apps.

Personal information, billing data, health records, or data of a sensitive nature has high value in the dark market, said Patricia Dacuno, Senior Researcher at F‑Secure.

SharkBot, like many other banking trojans, can show a screen overlay on top of actual banking apps. These overlays tend to look identical to actual banking apps, and it can be very difficult for the victim to realize what’s happening.

The fake apps containing SharkBot allow criminals to steal victims’ credentials, whilst also including a key­logger to track button clicks and SMS intercept, which reveals all text messages. In addition, remote control functionality allows criminals to bypass security features to make financial trans­actions without the device owner’s knowledge.

Android users should be very careful when clicking links leading to the installation of Anti­virus or Cleaner apps. And use a reputable mobile security product, such as F‑Secure Total, which will do a regular scan of your device to make sure no known malware has been detected. In the event of an infection being found, uninstall the malicious app and stop using the device for any financial trans­actions.