The month of August saw a surge in the Ramnit banking trojan, which doubled its global impact and number of attacks in the past couple of months, jumping to sixth place in the Global Threat Index, and fifth place in the UK, according to a new report from Check Point.

In addition to Ramnit climbing in the ranks, Lokibot, an Android banking trojan and information stealer, advanced to the most popular malware on Check Point’s list of Most Wanted Mobile Malware. Lokibot was most frequently used to attack the mobile estates of global organizations, but Lotoor and Triada took the second- and third-place spots for most wanted mobile malware.

The August 2018 findings mark the second summer running in which financially motivated hackers have increased their use of banking trojans to target victims.

“Trends like this should not be ignored as hackers are acutely aware of which attack vectors are most likely to be successful at any given time, suggesting internet users’ browsing habits during the summer months makes them more susceptible to attack than at other times of the year,” researchers wrote in today’s blog post.

The trend emphasizes the level of sophistication and tenacity that malicious actors have when it comes to extorting money. To that end, crypto-mining remained the most common malware during August, with Coinhive still holding strong in the top position, which it has held since March 2018.

The Coinhive malware impacted 17% of global organizations, whereas the second and third ranked cryptomining malwares, Dorkbot and Andromeda respectively, each had a global impact of 6%.

Researchers also analyzed the vulnerabilities that were most exploited during the month of August and found that CVE-2017-7269 was the top choice for hackers, with a 47% global impact. “By sending a crafted request over a network to Microsoft Windows Server 2003 R2 through Microsoft Internet Information Services 6.0, a remote attacker could execute arbitrary code or cause denial of service conditions on the target server. That is mainly due to a buffer overflow vulnerability resulted by improper validation of a long header in HTTP request,” researchers wrote.