Trojan
FlawedGrace RAT Leads the Change in TA505's Latest Campaign
The FlawedGrace RAT is a new piece of malware that the TA505 Advanced Persistent Threat (APT) actors use. Previously, traces of this malware were spotted in the ServHelper campaign that the same gang was responsible... Read more
BlackTech APT Uses the Gh0stTimes Malware
The Gh0stTimes Malware is an upgraded variant of a well-known Remote Access Trojan – the Gh0st RAT. Both of these threats have been involved in multiple attack campaigns of the BlackTech hacking group. Unfortunately,... Read more
MalRhino Android Banking Trojan Active in Latin America
The MalRhino Android Banking Trojan is a project, which shares some similarities with PixStealer. However, it goes after a broader range of targets, and packs a larger number of features. While both threats are... Read more
SparrowDoor Backdoor, a Custom Trojan by the FamousSparrow APT
The FamousSparrow Advanced Persistent Threat (APT) group is fairly new name to the cybercrime field. Recently, their activities and campaigns have been observed closely by malware researchers, and the first implant... Read more
Remove Wirenet Backdoor
The Wirenet Backdoor is a dangerous Trojan that has cross-platform compatibility. This means that it is one of the few malicious implants, which work not just on Windows. This one, in particular, has the ability to... Read more
JDWPMiner Trojan Targets the Java Debug Wire Protocol
Cybersecurity researchers report of a new piece of malware, which exploits weaknesses in the Java Debug Wire Protocol (JDWP) component. The latter is an important part of the debugging process when it comes to Java... Read more
Graphon Backdoor, Harvest APT's Primary Implant
The Graphon Backdoor is a malicious implant whose development and usage is attributed to the Harvester Advanced Persistent Threat (APT) actor. As the name of this cybercrime group hints, their focus is on harvesting... Read more
Remove SillyRAT Malware
The SillyRAT Malware is a malicious application, which was created by a developer who does not appear to be involved in cybercrime. The app, written in Python, is available on a public GitHub page, alongside its... Read more
Nobelium APT Brings Out the Tomiris Backdoor Trojan
The Tomiris Backdoor Trojan is a new threat that appears to be in use by one or more Advanced Persistent Threat (APT) groups. Although there are significant similarities between the Tomiris Backdoor Trojan and malware... Read more
ZE Loader Enables Overlay Attacks through an RDP Connection
The ZE Loader is a malicious Windows application whose operators use it to execute the so-called overlay attacks. This attack technique focuses on stealing financial data from victims by displaying fake phishing... Read more
FIN8 Hackers use Sardonic Backdoor to Target Financial Institutions
Threat actors have different motivations and goals. Some of them are working for the highest bidder, while others focus on espionage and data exfiltration. There are also those like FIN8, threat actors whose... Read more
IISerpent Trojan Targets IIS Servers, Manipulates Search Engine Optimization
Recently, cybersecurity experts have had to deal with a large number of malware focusing the Internet Information Services (IIS) component. The latest malware family to join the list is the IISerpent Trojan. This... Read more
The MisterySnail RAT Targets IT Companies and Defense Contractors
The MysterySnail RAT is a new piece of malware targeting Windows systems. It has been active since August 2021, and its operators are exploiting zero-day vulnerabilities in Microsoft Windows versions. The latest... Read more
ShellClient Malware Targets Aerospace Industry Since 2018
ShellClient Malware is a newly discovered Remote Access Trojan that, however, has been in use for over two years. The criminals behind it are tracked under the alias MalKamak, and this particular campaign focuses on... Read more
FoggyWeb Malware Used by the Nobelium APT Actors
One of the largest cybercrime campaigns of 2021 was the supply-chain attack against the SolarWinds software vendor. The group behind it, the Nobelium APT, is still active. They are developing different types of... Read more
Numando Banking Trojan Targets Latin America, Leverages Popular Services
Latin American threat actors have a long list of banking Trojans behind their backs. Major malware families like the Bizarro Banking Trojan have been bothering users in Latin America for the past few years. However, a... Read more
Horus Eyes RAT Used to Support the warsaw Banking Trojan
Cybercriminals often combine private projects with well-known, public malware families. The latest example of this is a banking Trojan with the name 'warsaw.' The creators of this malware are relying on a relatively... Read more
IISpy Backdoor Goes After Microsoft IIS Servers
The IISpy Backdoor is a dangerous Trojan, which targets a particular Windows service – the Internet Information Services (IIS.) The goal of the malware is reconnaissance and espionage. This is why it focuses on tasks... Read more
