Cybersecurity firm ReliaQuest reported that QakBot, SocGholish, and Raspberry Robin were the three most commonly used malware loaders in 2023. Cybercriminals utilized one of these three services in 80% of observed incidents this year.
QakBot first appeared in 2009 as a banking trojan but has since developed into a malware loader capable of deploying payloads, stealing information, and enabling lateral movement. QakBot is most notably used by the BlackBasta ransomware group to target a multitude of industries via phishing emails. The SocGholish loader first appeared in 2018 and is used by Russia-based Evil Corp and the initial access broker Exotic Lily. It is deployed through a network of compromised websites via downloads and fake updates. Threat actors used the loader this year in watering hole attacks on the websites of multiple large organizations. Raspberry Robin was first observed as a Windows worm in late 2021 and is now used by Evil Corp and Silence to deploy ransomware and malware families via removable devices. The loader was employed during CL0P, LockBit, and TrueBot attacks against a wide array of targets in Europe this year.