Trojan

CronRAT Targets Linux eCommerce Servers

Linux systems are becoming a frequent target of cyberattacks. Of course, UNIX-based systems are much more secure compared to Windows, and this is one reason not all cybercriminals are able to develop and deploy such threats.... Read more

November 29, 2021

Remove Sabsik Trojan

The Sabsik Trojan is a unique detection name that multiple antivirus apps such as Windows Defender use to describe a potentially harmful file. Typically, Trojans of this type provide their operators with the ability... Read more

October 29, 2021

The MysterySnail RAT Targets IT Companies and Defense Contractors

The MysterySnail RAT is a new piece of malware targeting Windows systems. It has been active since August 2021, and its operators are exploiting zero-day vulnerabilities in Microsoft Windows versions. The latest... Read more

October 15, 2021

ShellClient Malware Targets Aerospace Industry Since 2018

ShellClient Malware is a newly discovered Remote Access Trojan that, however, has been in use for over two years. The criminals behind it are tracked under the alias MalKamak, and this particular campaign focuses on... Read more

October 7, 2021

FoggyWeb Malware Used by the Nobelium APT Actors

One of the largest cybercrime campaigns of 2021 was the supply-chain attack against the SolarWinds software vendor. The group behind it, the Nobelium APT, is still active. They are developing different types of... Read more

September 28, 2021

Numando Banking Trojan Targets Latin America, Leverages Popular Services

Latin American threat actors have a long list of banking Trojans behind their backs. Major malware families like the Bizarro Banking Trojan have been bothering users in Latin America for the past few years. However, a... Read more

September 20, 2021

Suspected Malware-as-a-Service, RATDispenser, Delivers Trojans

Typically, Trojan loaders focus on deploying one or two implants to the systems they compromise. However, what if there is a loader that is capable of unloading a wide range of payloads, depending on the attacker's... Read more

November 24, 2021

FlawedGrace RAT Leads the Change in TA505's Latest Campaign

The FlawedGrace RAT is a new piece of malware that the TA505 Advanced Persistent Threat (APT) actors use. Previously, traces of this malware were spotted in the ServHelper campaign that the same gang was responsible... Read more

October 21, 2021

BlackTech APT Uses the Gh0stTimes Malware

The Gh0stTimes Malware is an upgraded variant of a well-known Remote Access Trojan – the Gh0st RAT. Both of these threats have been involved in multiple attack campaigns of the BlackTech hacking group. Unfortunately,... Read more

October 13, 2021

MalRhino Android Banking Trojan Active in Latin America

The MalRhino Android Banking Trojan is a project, which shares some similarities with PixStealer. However, it goes after a broader range of targets, and packs a larger number of features. While both threats are... Read more

October 5, 2021

SparrowDoor Backdoor, a Custom Trojan by the FamousSparrow APT

The FamousSparrow Advanced Persistent Threat (APT) group is a fairly new name in the cybercrime field. Recently, their activities and campaigns have been observed closely by malware researchers, and the first implant... Read more

September 27, 2021

Remove Wirenet Backdoor

The Wirenet Backdoor is a dangerous Trojan that has cross-platform compatibility. This means that it is one of the few malicious implants, which work not just on Windows. This one, in particular, has the ability to... Read more

August 27, 2021

CetaRAT Trojan Uses Delayed Activation to Evade Security

The CetaRAT is a Remote Access Trojan (RAT) whose development and usage is attributed to an unknown Advanced Persistent Threat (APT) group. However, it is possible that the criminals behind it might be sharing tools... Read more

November 4, 2021

Graphon Backdoor, Harvester APT's Primary Implant

The Graphon Backdoor is a malicious implant whose development and usage is attributed to the Harvester Advanced Persistent Threat (APT) actor. As the name of this cybercrime group hints, their focus is on harvesting... Read more

October 19, 2021

Remove SillyRAT Malware

The SillyRAT Malware is a malicious application, which was created by a developer who does not appear to be involved in cybercrime. The app, written in Python, is available on a public GitHub page, alongside its... Read more

October 13, 2021

Nobelium APT Brings Out the Tomiris Backdoor Trojan

The Tomiris Backdoor Trojan is a new threat that appears to be in use by one or more Advanced Persistent Threat (APT) groups. Although there are significant similarities between the Tomiris Backdoor Trojan and malware... Read more

September 30, 2021

ZE Loader Enables Overlay Attacks through an RDP Connection

The ZE Loader is a malicious Windows application whose operators use it to execute the so-called overlay attacks. This attack technique focuses on stealing financial data from victims by displaying fake phishing... Read more

September 24, 2021

FIN8 Hackers use Sardonic Backdoor to Target Financial Institutions

Threat actors have different motivations and goals. Some of them are working for the highest bidder, while others focus on espionage and data exfiltration. There are also those like FIN8, threat actors whose... Read more

August 26, 2021