This modular backdoor malware is now the most common threat to Android smartphones

It's taken a whole year for it to be dislodged, but Hummingbad has finally been overtaken as the leading form of mobile malware.

The Hummingbad Android malware is still likely making its creators hundreds of thousands of dollars a month, and continues to infect millions of devices, but the Triada malware has taken the top spot in the first month of the year, Check Point's Threat Impact Index for January has revealed.

See also

This Android malware has infected 85 million devices and makes its creators $300,000 a month

Gang behind malware make money from fraudulent apps -- but if they choose to use their reach for theft, corporations could be put at risk.

Read now

Triada is a modular backdoor for Android which grants the malicious actor super-user privileges on the infected device, allowing them to download additional malware and spoof URLs. It's been the second most prolific malware behind Hummingbad for some time, but now crooks have been able to make it the most prolific form of mobile malicious software.

Hiddad, a form of Android malware which repackages apps then releases them to a third-party store in order to display ads and observe sensitive user data of downloaders, was the third most prolific form of mobile malware in January.

Looking at malware overall, the researchers ranked Kelihos as the most prolific malware of January. Kelihos is a botnet mainly involved in Bitcoin theft and spamming; it uses peer-to-peer communication to enable each individual node to act as command-and-control server. Kelihos is thought to have impacted five percent of all organisations across the globe.

Kelihos is followed by HackerDefender malware and Cryptowall ransomware, which have each affected around 4.5 percent of organisations during January. HackerDefender is a Rootkit for Windows which can be used to hide files processes and registry keys, making the hidden backdoor difficult to find.

Meanwhile, Cryptowall has long been one of the most prominent forms of ransomware, widely distrubuted via exploit kits, malvertising, and phishing. Cryptowall usually ranks behind Locky ransomware, but instances of Locky dropped over Christmas and have yet to return to the level which made it one of the most prolific forms of malware outright.

The 14-year-old Conficker computer worm experienced a spike in activity in early December, and and still hasn't gone away; it ranks as the fourth most prolific form of malware during January. Nemucod, a JavaScript or Visual Basic Script downloader most commonly used to download variants of ransomware and other malicious payloads, was the fifth most prolific form of malware during the month.

The RookieUA information stealer, the Nivdort bot, the Zeus banking Trojan, the Ramnit banking Trojan, and the Necurs botnet round out the list.

"The wide range of threats seen during January, utilizing all the available tactics in the infection chain, demonstrates the size of the task IT teams face in securing their networks against attack," says Nathan Shuchami, head of threat prevention at Check Point.

Read more on cybercrime

• Cyber thieves rob another bank by hacking into Swift financial network [CNET]
• Cybercrime gang uses Google services for malware command and control
• How banks fight back against cyberattacks [TechRepublic]
• Data-stealing Qadars Trojan malware takes aim at 18 UK banks
• This 'invisible' memory-based malware is infiltrating organisations across the globe