A trojan targeting Mac OS X systems, first reported in May 2015, packaged as an application bundle masquerading as an Adobe Flash Player update. A separate OceanLotus variant discovered in June 2017 is distributed via a zip file, likely sent as an attachment in an email.
A remote access trojan (RAT) written in the Delphi programming language that can remotely control infected systems. It has been used in a spear phishing campaign targeting Palestinians, specifically Palestinian law enforcement agencies.
A RAT and the first known MaaS targeting Mac users, available for free or as a paid, advanced version on a Dark Web forum. The malware's capabilities include capturing screenshots, logging keystrokes, recording voice, retrieving clipboard content, retrieving browsing data, obtaining iCloud photos, retrieving any files and data, encrypting the entire user directory, disguising the malware as a legitimate file, and accessing emails and social network accounts.
A trojan distributed in unwanted program bundles that poses as protection software and makes it difficult for Windows users to run their security programs. It blocks security vendors' certificates, which prevents Windows from executing any program signed with those certificates, including programs already installed on the device.
A banking trojan targeting banking institutions in Latin America, including Mexico and Peru. To infect users, it redirects them to a phishing page masquerading as the legitimate web page of a banking institution, attempting to convince users to input their banking credentials. The trojan is currently distributed by the Beta Bot botnet.
A banking trojan first identified in 2009 that downloads files, steals information, and opens a backdoor on the compromised device. It is distributed via drive-by downloads after users visit infected webpages. Qbot then spreads through networks by copying itself to shared folders. It is typically used in highly targeted campaigns to avoid drawing attention to its operators' activity.
A Linux trojan first identified in late May 2017 that infects Raspberry Pi devices with SSH port 22 open and uses them to mine cryptocurrency.
Fireball is a trojan that creates a critical backdoor and has impacted over 250 million computers worldwide. Fireball can be used to spy on victims, perform efficient malware dropping, and execute any malicious code on the infected machines, creating a massive security flaw in targeted machines and networks.
A VBS-based RAT that targets users through spammed emails with malicious attachments or links to spread the trojan. The malicious payload is a VBS file, often wrapped in a PE executable dropper, that contains multiple layers of obfuscation.
A trojan discovered in February 2017 and deployed against select targets using covert communication channels to evade detection.
A trojan used by a select group of threat actors to conduct online banking fraud attacks targeting consumer and business bank accounts. These actors infiltrate the accounts, steal credentials, and manipulate banking sessions to eventually take over the bank accounts and transfer cash from the victim account to one under their control.
A remote access trojan (RAT) available for sale on the internet for $25. It is a modular trojan that can be modified to include additional plugins expanding its functionality and performance based on the user's needs.
A trojan used in fileless attacks by threat actors to target victims, convincing them to click a LNK file in a phishing email. A set of espionage tools, used to exfiltrate data, is then deployed through the Typhoon downloader and Lionrock backdoors.
A remote access trojan spread via malicious email attachments that allows threat actors to steal files, log keystrokes, take screenshots, and execute arbitrary code on the victim's machine. It is typically used to target entities linked to North Korea.
A banking trojan spread via exploit kits, malicious websites, and malicious advertisements and used to steal user credentials from South Korean banking institutions.
A trojan malware used by a Chinese cyber-espionage group since at least mid-2016, targeting military and aerospace sectors in Russia and Belarus. The group uses ZeroT to download PlugX on victim devices.
A trojan loader with a file size of over 100 MB. It is overlaid with junk data in an effort to complicate sample exchanges, stay below the radar of commonly used YARA rules, and evade antivirus programs.
A remote access trojan (RAT) with the ability to bypass security measures like sandboxes and virtual machines, control the victim machine locally without an internet connection, gain system privileges, and prevent meaningful post-infection forensic analysis.
A remote access trojan (RAT) that first surfaced in 2012 and is used against high profile targets. This RAT is used by Chinese advanced persistent threat (APT) groups Deep Panda and Aurora Panda to target victims in the aerospace, government, healthcare, and technology sectors.
A remote access trojan (RAT) discovered by Palo Alto Networks in 2017 that has been active for over two years. It is delivered via a downloader, known as Carp, and uses malicious macros in Microsoft Excel documents to compile embedded C# source code into an executable that runs and deploys the Cardinal RAT.