The latest Global Threat Index from Check Point Software Technologies has revealed a sharp rise in AsyncRAT attacks, pushing this stealthy remote access Trojan (RAT) into the top four most prevalent malware strains worldwide.
This is a concerning trend: malicious actors are increasingly eyeing and exploiting trusted platforms to slip through security nets and gain a toehold in company networks.
A Growing Global Menace
According to researchers, AsyncRAT is being deployed in sophisticated phishing campaigns, often disguised behind Dropbox and TryCloudflare links to bypass conventional security solutions. Once a user clicks, a multi-stage infection chain unfolds, involving LNK, JavaScript, and BAT files, enabling attackers to take control of compromised machines, steal data, and deliver additional malware.
“Cybercriminals are leveraging legitimate platforms to deploy malware and avoid detection,” said Maya Horowitz, VP of Research at Check Point Software. “Organisations must remain vigilant and implement proactive security measures to mitigate the risks of such evolving threats.”
Top Malware Families in February 2025
Globally, FakeUpdates (SocGholish) topped the list, impacting 3% of organizations, followed by Androxgh0st, Remcos, AsyncRAT, and AgentTesla.
In the UK, the top five malware families identified last month were:
- Androxgh0st – A Python-based malware targeting exposed environment (.env) files in cloud environments, capable of credential theft and further exploitation.
- FakeUpdates (SocGholish) – A fake browser update scam linked to Evil Corp, used to drop additional payloads through compromised websites.
- Remcos – A versatile RAT known for phishing campaigns and its ability to bypass User Account Control (UAC).
- AgentTesla – A powerful info-stealing RAT, active since 2014, capable of harvesting keystrokes, screenshots, and credentials.
- Formbook – A long-standing infostealer, active since 2016, used to exfiltrate sensitive data.
Malware Trends
On mobile platforms, Anubis has kept its place at the top, remaining the most common malware, targeting banking apps and bypassing MFA. Rising in the nefarious ranks is Necro, a malicious downloader for Android, while AhMyth, an Android RAT, saw a slight decline but remains a significant risk.
Meanwhile, Cl0p remains the dominant ransomware group, responsible for 35% of reported ransomware attacks, known for its double extortion tactics — threatening to leak data unless ransoms are paid.
Other active ransomware groups include:
- RansomHub – A popular Ransomware-as-a-Service (RaaS) operation, evolved from Knight ransomware.
- Akira – Targeting both Windows and Linux systems, often via phishing and VPN exploits.
Most Targeted Sectors
Globally, the top three industries under attack are:
- Education
- Telecommunications
- Government
As malefactors increasingly abuse legitimate platforms to deliver their sophisticated threats like AsyncRAT, Check Point warns IT practitionrs to brace for rising threats, and urges entities in every industry to review email security, endpoint defenses, and employee training to stay ahead of these evolving tactics.
For a full breakdown of February 2025’s Global Threat Index, visit the official Check Point Blog.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.