Trojan
ZE Loader Enables Overlay Attacks through an RDP Connection
The ZE Loader is a malicious Windows application whose operators use it to execute so-called overlay attacks. This attack technique focuses on stealing financial data from victims by displaying fake phishing...
FIN8 Hackers use Sardonic Backdoor to Target Financial Institutions
Threat actors have different motivations and goals. Some of them are working for the highest bidder, while others focus on espionage and data exfiltration. There are also those like FIN8, threat actors whose...
IISerpent Trojan Targets IIS Servers, Manipulates Search Engine Optimization
Recently, cybersecurity experts have had to deal with a large number of malware families focusing on the Internet Information Services (IIS) component. The latest malware family to join the list is the IISerpent Trojan. This...
VBA RAT Reaches Victims through pro-Crimea Manifesto
A new piece of malware has been used in the ongoing cyber battle between Russia and Ukraine over the Crimea conflict. The new threat, dubbed the VBA RAT, is being delivered through phishing emails, which contain a...
BIOPASS RAT Spread Through Compromised Gambling Sites
An unknown threat actor is using a new Python-based payload to target users of Chinese gambling sites. The malware is being spread via fraudulent messages and pop-ups, which show up on legitimate gambling sites – this...
What is the 'Wup.exe' Process?
One of the first things that tech-savvy users do when they experience performance issues is to check the Task Manager. This essential Windows tool reveals a lot about the way your computer's resources are being used....
Numando Banking Trojan Targets Latin America, Leverages Popular Services
Latin American threat actors have a long list of banking Trojans to their name. Major malware families like the Bizarro Banking Trojan have been bothering users in Latin America for the past few years. However, a...
Horus Eyes RAT Used to Support the warsaw Banking Trojan
Cybercriminals often combine private projects with well-known, public malware families. The latest example of this is a banking Trojan with the name 'warsaw.' The creators of this malware are relying on a relatively...
IISpy Backdoor Goes After Microsoft IIS Servers
The IISpy Backdoor is a dangerous Trojan that targets a particular Windows service – the Internet Information Services (IIS). The goal of the malware is reconnaissance and espionage. This is why it focuses on tasks...
Coper Android Trojan Strikes Colombian Users
Coper is a newly identified threat, which appears to have features typical of banking Trojans. It goes after Android mobile devices exclusively, and it is able to target a wide range of financial institutions. Its...
ReverseRat, a Pakistani Trojan Targeting Indian Entities
The cyber warfare between India and Pakistan continues. This time, an unknown Pakistani threat actor has been using a new piece of malware, called ReverseRat, to compromise the network security of India-based power companies....
PYSA Gang Employs the ChaChi Trojan to Deliver Ransomware
Ransomware gangs often rely on a wide range of malware families to gain complete control over infected systems, as well as to spread laterally across entire networks. One of the ransomware gangs to recently introduce...
Remove Wirenet Backdoor
The Wirenet Backdoor is a dangerous Trojan that has cross-platform compatibility. This means that it is one of the few malicious implants that work not just on Windows. This one, in particular, has the ability to...
JDWPMiner Trojan Targets the Java Debug Wire Protocol
Cybersecurity researchers report a new piece of malware that exploits weaknesses in the Java Debug Wire Protocol (JDWP) component. The latter is an important part of the debugging process when it comes to Java...
Cinobi Banking Trojan Goes After Users in Japan
The Cinobi Banking Trojan made its first moves in 2020 when its operators went after users in Japan. Surprisingly, they severely limited the Trojan's reach by relying on a set of two exploits, which only worked on...
MosaicLoader Spreads RATs and Infostealers
Malware researchers have identified a new strain of malware, which goes under the name MosaicLoader. The threat is able to distribute additional payloads to its victims, and it has been typically used in combination...
RustyBuer, a Reworked Version of the Buer Trojan
The Buer downloader is a dangerous Trojan whose activity dates back to the end of 2020. Its creators use it to propagate different pieces of malware such as banking Trojans, ransomware, and information stealers....
Reworked JSSLoader Delivers the Carbanak Trojan
Refactoring code is a popular technique that software developers use to, in layman's terms, modify the internal structure of their program without changing its behavior at all. Malware developers also employ such...