Results for trojan

Threat Research

FortiGuard Labs Weekly Threat Update – November 1, 2019

Learn about the cyber threats uncovered during the week of November 1, 2019.

By Jeannette Jarvis November 01, 2019

Threat Research

FortiGuard Labs Weekly Threat Update – Week of October 25, 2019

Learn about the cyber threats uncovered during the week of October 25, 2019.

By Jeannette Jarvis October 25, 2019

Threat Research

Fake Indian Income Tax Calculator Delivers xRAT Variant

FortiGuard Labs recently discovered an Excel file claiming to provide an income tax calculator that purports to be from India’s Income Tax Department, but instead contains a variant of the xRAT trojan. Learn more.

By Jasper ManuelAugust 16, 2019

Threat Research

New Ursnif Variant Spreading by Word Document

FortiGuard Labs recently captured a number of Word documents that were spreading a new variant of the Ursnif trojan. Learn more about how it operates and the techniques it uses.

By Xiaopeng ZhangAugust 07, 2019

Threat Research

Tricky Chinese-Targeted Trojan Bypasses Authentication

FortiGuard Labs uncovered a new campaign targeted at Chinese-speakers using malware that bypasses normal authentication by exploiting known WinRAR file (cve-2018-20250) and RTF file (cve-2017-11882) vulnerabilities. Read this analysis to learn more.

By Yueh-Ting ChenAugust 07, 2019

Threat Research

CTA Adversary Playbook: Goblin Panda

The FortiGuard SE Team has released a new adversary playbook on the threat actor group known as Goblin Panda as part of its role in the Cyber Threat Alliance (CTA).

By FortiGuard SE TeamNovember 01, 2018

Threat Research

Trickbot’s New Reconnaissance Plugin

Fortinet FortiGuard Labs has found a new plugin named networkDLL that is being distributed to the victims of the Trickbot Trojan. This new plugin is similar to the old DomainGrabber plugin discovered late last year in that they both try to collect information about the victim’s network. In fact, we have observed the same functions being used by both plugins.

Threat Research

A Look Into The New Strain Of BankBot

BankBot is a family of Trojan malware targeting Android devices that surfaced in the second half of 2016. The main goal of this malware is to steal banking credentials from the victim’s device. It usually impersonates flash player updaters, android system tools, or other legitimate applications. Once installed, it hides itself and then tricks the user into typing his or her credentials into fake bank web pages that have been injected onto the device’s screen.

By Dario DurandoSeptember 19, 2017

Threat Research

A Quick Look at a New KONNI RAT Variant

      KONNI is a remote access Trojan (RAT) that was first reported in May of 2017, but is believed to have been in use for over 3 years. As Part of our daily threat monitoring, FortiGuard Labs came across a new variant of the KONNI RAT and decided to take a deeper look. KONNI is known to be distributed via campaigns that are believed to be targeting North Korea. This new variant isn’t different from previous variants, as it is dropped by a DOC file containing text that was drawn from a CNN article entitled 12 things...

By Jasper ManuelAugust 15, 2017

Threat Research

Deep Analysis of New Emotet Variant – Part 1

Background Last week, FortiGuard Labs captured a JS file that functions as a malware downloader to spread a new variant of the Emotet Trojan. Its original file name is Invoice__779__Apr___25___2017___lang___gb___GB779.js.  A JS file, as you may be aware, is a JavaScript file that can be executed by a Window Script Host (wscript.exe) simply by double-clicking on it. In this blog we will analyze how this new malware works by walking through it step by step in chronological order. A JS file used to spread malware The original JS code...

By Xiaopeng ZhangMay 03, 2017