Results for trojan

Threat Research

Fake Indian Income Tax Calculator Delivers xRAT Variant

FortiGuard Labs recently discovered an Excel file claiming to provide an income tax calculator that purports to be from India’s Income Tax Department, but instead contains a variant of the xRAT trojan. Learn more.

By Jasper Manuel, August 16, 2019

Threat Research

New Ursnif Variant Spreading by Word Document

FortiGuard Labs recently captured a number of Word documents that were spreading a new variant of the Ursnif trojan. Learn more about how it operates and the techniques it uses.

By Xiaopeng Zhang, August 07, 2019

Threat Research

Tricky Chinese-Targeted Trojan Bypasses Authentication

FortiGuard Labs uncovered a new campaign targeted at Chinese-speakers using malware that bypasses normal authentication by exploiting known WinRAR file (CVE-2018-20250) and RTF file (CVE-2017-11882) vulnerabilities. Read this analysis to learn more.

By Yueh-Ting Chen, August 07, 2019

Threat Research

CTA Adversary Playbook: Goblin Panda

The FortiGuard SE Team has released a new adversary playbook on the threat actor group known as Goblin Panda as part of its role in the Cyber Threat Alliance (CTA).

By FortiGuard SE Team, November 01, 2018

Threat Research

Trickbot’s New Reconnaissance Plugin

Fortinet FortiGuard Labs has found a new plugin named networkDLL that is being distributed to the victims of the Trickbot Trojan. This new plugin is similar to the old DomainGrabber plugin discovered late last year in that they both try to collect information about the victim’s network. In fact, we have observed the same functions being used by both plugins.

Threat Research

A Look Into The New Strain Of BankBot

BankBot is a family of Trojan malware targeting Android devices that surfaced in the second half of 2016. The main goal of this malware is to steal banking credentials from the victim’s device. It usually impersonates Flash Player updaters, Android system tools, or other legitimate applications. Once installed, it hides itself and then tricks the user into typing his or her credentials into fake bank web pages that have been injected onto the device’s screen.

By Dario Durando, September 19, 2017

Threat Research

A Quick Look at a New KONNI RAT Variant

KONNI is a remote access Trojan (RAT) that was first reported in May of 2017, but is believed to have been in use for over 3 years. As part of our daily threat monitoring, FortiGuard Labs came across a new variant of the KONNI RAT and decided to take a deeper look. KONNI is known to be distributed via campaigns that are believed to be targeting North Korea. This new variant isn’t different from previous variants, as it is dropped by a DOC file containing text that was drawn from a CNN article entitled 12 things...

By Jasper Manuel, August 15, 2017

Threat Research

Deep Analysis of New Emotet Variant – Part 1

Background: Last week, FortiGuard Labs captured a JS file that functions as a malware downloader to spread a new variant of the Emotet Trojan. Its original file name is Invoice__779__Apr___25___2017___lang___gb___GB779.js. A JS file, as you may be aware, is a JavaScript file that can be executed by Windows Script Host (wscript.exe) simply by double-clicking on it. In this blog we will analyze how this new malware works by walking through it step by step in chronological order. A JS file used to spread malware: The original JS code...

By Xiaopeng Zhang, May 03, 2017

Threat Research

A Brazilian Trojan Using A Jar File, VB Scripts And A DLL For Its Multi-Stage Infection

As part of Fortinet’s continued efforts to protect its customers, we carry out a variety of tests to improve the detection of malicious content, whether it’s file or network related. While checking out some HTTPS phishing websites last month, one URL stood out. It wasn’t a phishing site, but it downloaded a file called BR52357896253ex.zip (which is detected as “Java/Banload.BD!tr” by Fortinet AntiVirus service) from a file sharing website. The compressed file also contained a Jar that downloaded additional files,...

By Lilia Elena Gonzalez Medina, October 14, 2016

Industry Trends

Threat Intelligence Roundup - September 02, 2016

August ended with the spike in malware activity we predicted last week to welcome everyone back to school and work. Here is a summary of this week’s FortiGuard Threat Intelligence Brief. 1. Ransomware explodes. Ransomware took off this week, filling nine of our weekly top-ten malware detection list slots. Not only that, but while last week our top five detections list amounted to about 2.5 million attempted ransomware infections, this week the top five totaled over 15.5 million ransomware attempts. That's more than a 6X increase in a single...

By Bill McGee, September 02, 2016