The Dimnie trojan was first identified in 2014 and a new, highly modular version was discovered in January 2017 after GitHub users were targeted in a malicious email campaign.
LuminosityLink remote access trojan (RAT) is a malware family that was first identified in May 2015 and claims to be a system administration utility; however, it is a keylogger and backdoor typically used by cybercriminals.
A trojan designed to steal credit card numbers, login credentials, and other sensitive data. It copies itself to the Windows system folder, drops a DLL file, and sends data collected to a remote website.
Proton is a remote access trojan (RAT) targeting macOS, first deployed in late 2016. It is advertised on Russian underground hacking forums, in YouTube videos, and on a custom website.
Poweliks is a click-fraud trojan, first discovered by G Data SecurityLabs researchers in 2014. It is used to generate revenue through ad-click fraud and evolved to a "fileless" threat in 2015, making it harder to detect.
The StoneDrill Trojan, a wiper similar to the Shamoon malware that reuses code from the “NewsBeef” espionage campaign, was first reported in March 2017 by Kaspersky. Its features include advanced evasion techniques, such as injecting its wiping modules into the memory of the process belonging to the user’s preferred browser, and a backdoor capability used for espionage.
The DNSMessenger remote access Trojan (RAT) was first detected by a security researcher, Simpo, in February 2017. It is a sophisticated RAT and is likely used in targeted attacks. According to further investigation conducted by Cisco Talos, DNSMessenger uses malicious macros in Word documents to infect victims.
OmniRAT is a remote access Trojan first discovered in November 2015 by an Avast researcher. It is very similar to DroidJack and SpyNote and is used to gain remote administrative control of Android, Windows, Linux, and Mac devices and to facilitate spying.
Fleercivet is a click-fraud Trojan. It is typically spread by malware downloaders and drive-by downloads. Many compromises result from victims opening infected email attachments. Once present, Fleercivet can spread its files across a system, making it especially difficult to remove.
AthenaGo remote access Trojan (RAT) uses a previously unseen technique: it relies on Tor proxies to redirect traffic from infected hosts to servers hidden on the Tor network. It is written in the “Go” programming language and deployed against Microsoft Windows machines.
In February 2017, a Mac malware version of X-Agent, XAgentOSX, was first identified; it is used in targeted and politically motivated attacks by APT28, a Russian cyber-espionage group. According to Palo Alto, APT28 uses the Komplex malware to infect Mac systems and then installs the XAgentOSX Trojan.
Windows Mirai Trojan was discovered in February 2017 and is used to help the Mirai botnet spread to even more devices. The Mirai botnet was built by infecting a device, selecting a random IP address, and then attempting to log in using a list of default admin credentials; until the Windows variant appeared, however, Mirai’s self-propagation worked only on Linux operating systems.
Proxy is a Trojan that targets Linux devices. It was first identified in late 2016 and by the end of January 2017, thousands of devices had been infected. Attackers use other Trojans to initially compromise the device and create a new user “mother” with the password “f***er.”
Seaduke Trojan was first identified in 2014 and is part of the “Duke” malware family used by the cyber-espionage group Cozy Bear, also known as APT 29. It is a low-profile information stealer, used against a small number of high-value targets, and has been deployed against government-level targets in the United States and Europe.
The Hancitor Trojan, also known as Chanitor, is a downloader first observed in 2014. It distributes its payload via a Word document email attachment with embedded malicious macros. The most recent version of Hancitor contains the encoded shellcode within the macro itself and uses native API calls from Visual Basic (VB) code to pass execution to that shellcode, which then carves out and decrypts the malware embedded in the attachment.
NJRat is a remote access Trojan (RAT), first spotted in June 2013 with samples dating back to November 2012. It was developed and is supported by Arabic speakers and mainly used by cybercrime groups against targets in the Middle East. In addition to targeting some governments in the region, the Trojan is used to control botnets and conduct other typical cybercrime activity.
MM Core is a fileless Trojan discovered by FireEye in 2013 and typically used by advanced persistent threat (APT) actors. It was designed to collect information from the infected device and establish a backdoor for remote access.
China Chopper is a 4KB Web shell first discovered in 2012. It is widely used by Chinese and other malicious actors, including APT groups, to remotely access compromised Web servers. It consists of two parts, the client interface (an executable file) and the file on the compromised web server.
Panda Banker, a Zeus-like banking Trojan, was first reported by Proofpoint researchers in April 2016. This Trojan targets users through malicious email attachments and via the Angler, Nuclear, and Neutrino exploit kits.