Most Popular Malware Variants in 2021

The U.S. Cybersecurity and Infrastructure Security Agency has released a listing of the top malware variants discovered in 2021. Threat actors use malware to attack devices, allowing them an entry point into devices and systems to do a variety of nefarious activities. Malware is detrimental to sabotage systems, for instance, wipers that erase all information in systems. The surge in the price of cryptocurrencies resulted in a growth in the usage of cryptocurrency miners that hijack the information of systems for mining cryptocurrencies. Worms and other malware can breach one device and likewise self-propagate and affect all other vulnerable gadgets on a system.

Recently, the use of ransomware greatly increased. Ransomware encrypts data on attacked systems to make information inaccessible. Ransom demand is sent to the victim in exchange for the decryption keys. The majority of ransomware variants support information exfiltration. Before encryption, files are stolen. The ransom payment should then be given to decrypt files and also to stop the public posting or sale of the stolen information. Although ransomware is a kind of malware, it is usual for threat actors to use it like the Remote Access Trojans (RATs) to obtain preliminary access to systems, and sell the access to ransomware groups.

Malware is downloaded utilizing different attack vectors. Malware is often sent through email, upon the exploitation of vulnerabilities in Remote Desktop Protocol, and by taking advantage of identified vulnerabilities in software programs. Preliminary access to accounts may be obtained by using brute force tactics to figure out weak credentials. Because of different attack vectors, there is no one cybersecurity control that could be employed to prevent all malware attacks. It must additionally be mentioned that although antivirus software program can identify malware according to malware signatures available in the definition lists of the software program, it can’t prohibit malware except if the signature is found in the definition list. Different variants of malware are launched, and small adjustments could be all that are needed to avert antivirus remedies.

In 2021, the most popular types of malware employed in attacks are banking Trojans, remote access Trojans, malware, and information stealers. The leading malware variants were:

Information Stealers – Agent Tesla, AZORult, Formbook, NanoCore
Information Stealer and Banking Trojan – Ursnif
Trojon Information Stealer – LokiBot
Ransomware dropper – MOUSEISLAND
Banking Trojan – Qakbot – This is often utilized for reconnaissance and information exfiltration, and sending more malware payloads
Remcos – Remote management and pen testing tool employed to develop a backdoor in system of victims
Banking Trojan cum botnet cum malware dropper – TrickBot
Malware loader – GootLoader

These malware variants have been employed in attacks for many years and have progressed to become more elusive and offer them new functionality. AZORult, Agent Tesla, Formbook, NanoCore, LokiBot, TrickBot, and Remcos have all been employed for over 5 years, whereas Qakbot and Ursnif have been used for over 10 years.

Besides giving malware gangs access to victims’ systems, TrickBot and Qakbot work as malware droppers and were broadly employed to provide ransomware groups such as Conti with systems access. The Conti group is recognized to have performed a minimum of 450 ransomware attacks in the first 6 months of 2021. All through 2021, the malware variants Agent Tesla, Formbook, and Remcos were substantially used in phishing emails, exploiting the pandemic and making use of COVID-19-inspired baits.


CISA has given a listing of proposed mitigations for preventing malware threats and minimizing the effect of successful attacks, the most critical of which are to update software programs and patch immediately, implement multifactor authentication, protect and keep track of RDP and other possibly dangerous services, and give consumer security awareness instruction.