Trojan


FlawedGrace RAT Leads the Change in TA505's Latest Campaign

The FlawedGrace RAT is a new piece of malware that the TA505 Advanced Persistent Threat (APT) actors use. Previously, traces of this malware were spotted in the ServHelper campaign that the same gang was responsible...

October 21, 2021

BlackTech APT Uses the Gh0stTimes Malware

The Gh0stTimes Malware is an upgraded variant of a well-known Remote Access Trojan – the Gh0st RAT. Both of these threats have been involved in multiple attack campaigns of the BlackTech hacking group. Unfortunately,...

October 13, 2021

MalRhino Android Banking Trojan Active in Latin America

The MalRhino Android Banking Trojan is a project that shares some similarities with PixStealer. However, it goes after a broader range of targets and packs a larger number of features. While both threats are...

October 5, 2021

SparrowDoor Backdoor, a Custom Trojan by the FamousSparrow APT

The FamousSparrow Advanced Persistent Threat (APT) group is a fairly new name in the cybercrime field. Recently, their activities and campaigns have been observed closely by malware researchers, and the first implant...

September 27, 2021

Remove Wirenet Backdoor

The Wirenet Backdoor is a dangerous Trojan that has cross-platform compatibility. This means that it is one of the few malicious implants that work not just on Windows. This one, in particular, has the ability to...

August 27, 2021

JDWPMiner Trojan Targets the Java Debug Wire Protocol

Cybersecurity researchers report a new piece of malware that exploits weaknesses in the Java Debug Wire Protocol (JDWP) component. The latter is an important part of the debugging process when it comes to Java...

August 13, 2021

Graphon Backdoor, Harvest APT's Primary Implant

The Graphon Backdoor is a malicious implant whose development and usage are attributed to the Harvester Advanced Persistent Threat (APT) actor. As the name of this cybercrime group hints, their focus is on harvesting...

October 19, 2021

Remove SillyRAT Malware

The SillyRAT Malware is a malicious application that was created by a developer who does not appear to be involved in cybercrime. The app, written in Python, is available on a public GitHub page, alongside its...

October 13, 2021

Nobelium APT Brings Out the Tomiris Backdoor Trojan

The Tomiris Backdoor Trojan is a new threat that appears to be in use by one or more Advanced Persistent Threat (APT) groups. Although there are significant similarities between the Tomiris Backdoor Trojan and malware...

September 30, 2021

ZE Loader Enables Overlay Attacks through an RDP Connection

The ZE Loader is a malicious Windows application whose operators use it to execute so-called overlay attacks. This attack technique focuses on stealing financial data from victims by displaying fake phishing...

September 24, 2021

FIN8 Hackers use Sardonic Backdoor to Target Financial Institutions

Threat actors have different motivations and goals. Some of them are working for the highest bidder, while others focus on espionage and data exfiltration. There are also those like FIN8, threat actors whose...

August 26, 2021

IISerpent Trojan Targets IIS Servers, Manipulates Search Engine Optimization

Recently, cybersecurity experts have had to deal with a large number of malware families focusing on the Internet Information Services (IIS) component. The latest malware family to join the list is the IISerpent Trojan. This...

August 12, 2021

The MysterySnail RAT Targets IT Companies and Defense Contractors

The MysterySnail RAT is a new piece of malware targeting Windows systems. It has been active since August 2021, and its operators are exploiting zero-day vulnerabilities in Microsoft Windows versions. The latest...

October 15, 2021

ShellClient Malware Targets Aerospace Industry Since 2018

ShellClient Malware is a newly discovered Remote Access Trojan that has nevertheless been in use for over two years. The criminals behind it are tracked under the alias MalKamak, and this particular campaign focuses on...

October 7, 2021

FoggyWeb Malware Used by the Nobelium APT Actors

One of the largest cybercrime campaigns of 2021 was the supply-chain attack against the SolarWinds software vendor. The group behind it, the Nobelium APT, is still active. They are developing different types of...

September 28, 2021

Numando Banking Trojan Targets Latin America, Leverages Popular Services

Latin American threat actors have a long list of banking Trojans to their name. Major malware families like the Bizarro Banking Trojan have been bothering users in Latin America for the past few years. However, a...

September 20, 2021

Horus Eyes RAT Used to Support the warsaw Banking Trojan

Cybercriminals often combine private projects with well-known, public malware families. The latest example of this is a banking Trojan with the name 'warsaw.' The creators of this malware are relying on a relatively...

August 17, 2021

IISpy Backdoor Goes After Microsoft IIS Servers

The IISpy Backdoor is a dangerous Trojan that targets a particular Windows service – the Internet Information Services (IIS). The goal of the malware is reconnaissance and espionage. This is why it focuses on tasks...

August 11, 2021