A domain name system (DNS) changer trojan that is delivered with an adware bundle and used to block access to security-related sites, preventing victims from installing software that could get rid of the adware.

Read More

Dofloo (aka AESDDoS) is a popular malware used to create large scale botnets that can launch DDoS attacks and load cryptocurrency miners to the infected machines.

Read More
Trojan VariantsNJCCIC

Qulab was recently discovered utilizing YouTube videos to promote a bitcoin generator tool that promises to generate free bitcoins for its users. This scam is pushing Qulab information-stealing and clipboard hijacking. As users and videos are reported, they are taken down; however, threat actors create new users and videos.

Read More

HiddenWasp is considered a highly sophisticated malware targeting Linux systems. What makes this threat so nefarious is that it is virtually undetectable, as it can bypass all major anti-virus systems, at the time of writing.

Read More

Cannon is a trojan used by the advanced persistent threat (APT) group APT28, also known as Fancy Bear, Tsar Team, Group 74, Sednit, and Sofacy, a cyber-espionage group likely associated with the Russian military agency, GRU.

Read More
Trojan VariantsNJCCICCannon
Agent Tesla

Agent Tesla is a modular, monitoring software written in .Net, currently being sold online as a legal keylogger product for personal use. It first appeared on a Turkish-language Wordpress site back in 2014, and has since seen a recent surge of activity through its current domain, agenttesla-dot-com.

Read More