An entirely fileless trojan that likely infects users' devices via malicious websites or a malware downloader and is injected into the system via an autostart registry entry. It mostly targets users in the Asia-Pacific region.
Infy, later developed into Foudre, is an information-stealing trojan that uses a keylogger and clipboard captures to steal data from targets including governments, businesses, and private citizens, mainly in Iran, the United States, and Iraq.
An advanced, modular trojan that has infected victims, undetected, for about five years. Despite its advanced capabilities, the threat actors seem to be financially motivated, using the malware for adware purposes. Most victims are Russian-speaking users.
A basic backdoor trojan written in the Qt coding framework and targeting Windows computers.
A credential-stealing trojan available for purchase online, mainly targeting Russian-speaking users. It is believed to be distributed via executables in emails and via file hosting sites. It can target multiple applications, including several browsers, to steal credentials.
A click-fraud trojan targeting Windows computers. Currently, the most infections are occurring in Germany and the US.
A trojan targeting Mac OSX that is typically distributed via email and uses a persistent pop-up to obtain a victim's password. It then gains administrative privileges and downloads the Tor client, redirecting traffic through Tor and allowing the threat actors to intercept all outgoing traffic.
A cryptocurrency mining trojan targeting the Mac operating system (OSX). It was the second-most widespread Mac malware variant in June 2017, accounting for 21.6 percent of all detections.
A trojan targeting Mac OS X systems first reported on in May 2015, packaged as an application bundle masquerading as an Adobe Flash Player update. A separate OceanLotus variant discovered in June 2017 is distributed via a ZIP file, likely sent as an attachment in an email.
A remote access trojan (RAT) written in the Delphi programming language that can remotely control infected systems. It has been used in a spear phishing campaign targeting Palestinians, specifically Palestinian law enforcement agencies.
A RAT and the first known malware-as-a-service (MaaS) targeting Mac users, available for free or as a paid, advanced version on a Dark Web forum. Its capabilities include capturing screenshots, logging keystrokes, recording voice, retrieving clipboard content, retrieving browsing data, obtaining iCloud photos, retrieving any files and data, encrypting the entire user directory, disguising the malware as a legitimate file, and accessing emails and social network accounts.
A trojan that is distributed by unwanted program bundles and functions as protection software. It makes it difficult for Windows users to run their security programs by blocking security vendors' certificates, preventing Windows from executing any program signed with those certificates, including those already installed on the device.
A banking trojan targeting banking institutions in Latin America, including Mexico and Peru. To infect users, it redirects them to a phishing page masquerading as the legitimate web page of a banking institution, attempting to convince users to input their banking credentials. The trojan is currently distributed by the Beta Bot botnet.
A banking trojan first identified in 2009 that downloads files, steals information, and opens a backdoor on the compromised device. It is distributed via drive-by downloads after users visit infected webpages. Qbot then spreads through networks by copying itself to shared folders. It is typically used in highly targeted campaigns to avoid drawing attention to their operations.
A Linux trojan first identified in late May 2017 that infects Raspberry Pi devices with SSH port 22 open and uses them to mine cryptocurrency.
Fireball is a trojan that creates a critical backdoor and has impacted over 250 million computers worldwide. Fireball can be used to spy on victims, perform efficient malware dropping, and execute any malicious code on the infected machines. This creates a massive security flaw in targeted machines and networks.
A VBS-based RAT that spreads through spam emails with malicious attachments or links. The malicious payload is a VBS file that is often wrapped in a PE executable dropper and contains multiple layers of obfuscation.
A trojan discovered in February 2017 and deployed against select targets using covert communication channels to evade detection.
A trojan used by a select group of threat actors to conduct online banking fraud attacks targeting consumer and business bank accounts. These actors infiltrate the accounts, steal credentials, and manipulate banking sessions to eventually take over the bank accounts and transfer cash from the victim account to one under their control.
A remote access trojan (RAT) available for sale on the internet for $25. It is a modular trojan that can be modified to include additional plugins expanding its functionality and performance based on the user's needs.