By navigating our site, you agree to allow us to use cookies, in accordance with our Privacy Policy.

July 2019’s Most Wanted Malware: Vulnerability in OpenDreamBox 2.0.0 WebAdmin Plugin

Check Point Research has published its latest Global Threat Index for July 2019 in which its Research team has warned organizations of a new vulnerability discovered in the OpenDreamBox 2.0.0 WebAdmin Plugin that has impacted 32% of organizations globally in the last month.

Global Threat Index

The vulnerability, ranked the 8th most exploited vulnerability, enables attackers to execute commands remotely on target machines. The exploit was triggered alongside other attacks targeting IoT devices – in particular with the MVPower DVR Remote Code Execution (the third most popular exploited vulnerability in July) which is also known to be related to the notorious Mirai botnet.

July also saw a major decrease in the use of Cryptoloot, as it fell to tenth in the top malware list, from third in June 2019.

July 2019’s Top 3 ‘Most Wanted’ Malware:

*The arrows relate to the change in rank compared to the previous month.

XMRig is leading the top malware list, impacting 7% of organizations around the world. Jsecoin and Dorkbot had a global impact of 6% respectively.

  1. ↔ XMRig – XMRig is an open-source CPU mining software used for the mining process of the Monero cryptocurrency, and first seen in-the-wild on May 2017.
  2. ↔ Jsecoin– Jsecoin is a JavaScript miner that can be embedded in websites. With JSEcoin, users can run the miner directly in their browser in exchange for an ad-free experience, in-game currency, and other incentives.
  3. ↑ Dorkbot – Dorkbot is an IRC-based Worm designed to allow remote code execution by its operator, as well as the download of additional malware to the infected system.

July’s Top 3 ‘Most Wanted’ Mobile Malware:

In July, Lotoor was the most prevalent Mobile malware, followed by AndroidBauts and Piom – two new malware families in the top mobile malware list.

  1. Lotoor – Hacking tool that exploits vulnerabilities on the Android operating system in order to gain root privileges on compromised mobile devices.
  2. AndroidBauts – Adware targeting Android users that exfiltrates IMEI, IMSI, GPS Location and other device information and allows the installation of third-party apps and shortcuts on mobile devices.
  3. Piom – Adware which monitors the user’s browsing behavior and delivers unwanted advertisements based on the users web activities.

July’s ‘Most Exploited’ vulnerabilities:

SQL Injection techniques continue to lead the top exploited vulnerabilities list, impacting 46% of organizations around the world. In second place is the OpenSSL TLS DTLS Heartbeat Information Disclosure with a global impact of 41%, closely followed by the MVPower DVR Remote Code Execution, which impacted 40% of organization worldwide.

  • SQL Injection (several techniques) – Inserting an injection of SQL query in input from client to application, while exploiting a security vulnerability in an application’s software.
  • ↔ OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346)– An information disclosure vulnerability exists in OpenSSL. The vulnerability is due to an error when handling TLS/DTLS heartbeat packets. An attacker can leverage this vulnerability to disclose memory contents of a connected client or server.
  • ↑ MVPower DVR Remote Code Execution– A remote code execution vulnerability exists in MVPower DVR devices. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request.

“Threat actors are quick to try and exploit new vulnerabilities when they emerge before organizations have had the chance to patch them, and the OpenDreamBox flaw is no exception.  Even so, it’s surprising that nearly a third of organizations have been impacted.  This highlights how important it is that organizations protect themselves by patching such vulnerabilities quickly,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point.

“The sharp decline in the use of Cryptoloot is also interesting.  It has dominated the top malware list for the past year and a half and was ranked the second most common malware variant seen in the first half of 2019, impacting 7.2% of organizations worldwide.  We believe the decline is linked to its main competitor, Coinhive, closing its operations earlier in 2019.  Threat actors are relying on alternative crypto-mining malware such as XMRig and Jsecoin.”

For the complete list: Click Here


Jyoti Gazmer

A Mass Comm. graduate believes strongly in the power of words. A book lover who dreams to own a library some day. An introvert but will become your closest friend if you share mutual feelings about COFFEE. I prefer having more puppies over humans.

Related Articles

Upcoming Events