AsyncRAT attacks have seen a significant increase, placing this remote access Trojan among the top four most prevalent malware strains globally, as revealed by the latest Global Threat Index from Check Point Software Technologies. This rise in attacks is a cause for concern as cybercriminals are finding ways to exploit trusted platforms to evade security measures and infiltrate company networks.
Researchers have noted that AsyncRAT is being used in sophisticated phishing campaigns, often camouflaged behind links from reputable sources like Dropbox and TryCloudflare to circumvent traditional security defenses. Once a user clicks on the link, a complex infection chain is initiated involving various files such as LNK, JavaScript, and BAT, allowing attackers to seize control of compromised systems, steal sensitive data, and introduce additional malware.
Maya Horowitz, the VP of Research at Check Point Software, warns that cybercriminals are increasingly utilizing legitimate platforms to distribute malware and avoid detection. Organizations are advised to stay vigilant and implement proactive security measures to mitigate the risks posed by such evolving threats.
In the global landscape of malware, FakeUpdates (SocGholish) topped the list last month, affecting 3% of organizations, followed by Androxgh0st, Remcos, AsyncRAT, and AgentTesla. Within the UK, the most prevalent malware families in February 2025 included Androxgh0st, FakeUpdates (SocGholish), Remcos, AgentTesla, and Formbook.
On mobile platforms, Anubis continues to be the most common malware, particularly targeting banking applications and bypassing multi-factor authentication (MFA). Necro, a malicious downloader for Android, is on the rise, while AhMyth, an Android RAT, though slightly declining, remains a significant threat.
Moreover, Cl0p remains the leading ransomware group, responsible for 35% of reported ransomware attacks and known for its double extortion tactics. Other active ransomware groups include RansomHub, which operates as a Ransomware-as-a-Service (RaaS) model evolving from Knight ransomware, and Akira, targeting both Windows and Linux systems through phishing and VPN exploits.
The top three industries globally under attack are education, telecommunications, and government. As threats like AsyncRAT continue to evolve, Check Point advises IT practitioners to prepare for increased risks and emphasizes the importance of enhancing email security, endpoint defenses, and employee training across all sectors to stay ahead of evolving tactics.
For a detailed overview of February 2025’s Global Threat Index, readers can visit the official Check Point Blog.