DATE | NAME | INFO | CATEGORY | SUBCATEGORY |
30.5.25 | XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | MALWARE | RAT |
30.5.25 | EDDIESTEALER | Chasing Eddies: New Rust-based InfoStealer used in CAPTCHA campaigns | MALWARE | STEALER |
29.5.25 | PE File DOS Header | The MS-DOS Header is a 64-byte structure at the beginning of a PE file. Along with the DOS stub, the DOS header is responsible for MS-DOS backward compatibility. | MALWARE | RAT |
28.5.25 | Dero miner | Dero miner zombies biting through Docker APIs to build a cryptojacking horde | MALWARE | CRYPTOCURRENCY |
28.5.25 | VenomRAT | Inside a VenomRAT Malware Campaign | MALWARE | RAT |
27.5.25 | Winos 4.0 | NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign | MALWARE | Loader |
24.5.25 | Lactrodectus | Following the spiders: Investigating Lactrodectus malware | MALWARE | RAT |
21.5.25 | Pure Harm | Pure Harm: PureRAT Attacks Russian Organizations | MALWARE | RAT |
20.5.25 | RedisRaider | RedisRaider: Weaponizing misconfigured Redis to mine cryptocurrency at scale | MALWARE | CRYPTOCURRENCY |
18.5.25 | SnipVex | SnipVex—more than a Clipbanker | MALWARE | Stealer |
18.5.25 | XRed | XRed Backdoor: The Hidden Threat in Trojanized Programs | MALWARE | Backdoor |
18.5.25 | Skitnet | Skitnet is a multi-stage malware that uses Rust and Nim to execute a stealthy reverse shell over DNS, leveraging encryption, manual mapping, and dynamic API resolution to evade detection | MALWARE | Loader |
16.5.25 | Remcos RAT | Fileless Execution: PowerShell Based Shellcode Loader Executes Remcos RAT | MALWARE | RAT |
13.5.25 | Noodlophile | New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms | MALWARE | STEALER |
10.5.25 | OtterCookie v4 | Additional Features of OtterCookie Malware Used by WaterPlum | MALWARE | STEALER |
9.5.25 | PupkinStealer | PupkinStealer: A .NET-Based Info-Stealer | MALWARE | STEALER |
9.5.25 | HANNIBAL Stealer | HANNIBAL Stealer: A Rebranded Threat Born from Sharp and TX Lineage | MALWARE | STEALER |
8.5.25 | StealC | I StealC You: Tracking the Rapid Changes To StealC | MALWARE | Steal |
8.5.25 | COLDRIVER | COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs | MALWARE | Steal |
6.5.25 | TerraStealerV2 and TerraLogger | TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered | MALWARE | Loader |
2.5.25 | MintsLoader | Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting | MALWARE | Loader |
1.5.25 | Sheriff | IBM X-Force discovers new Sheriff Backdoor used to target Ukraine | MALWARE | Backdoor |
25.4.25 | DslogdRAT | DslogdRAT Malware Installed in Ivanti Connect Secure | MALWARE | RAT |
24.4.25 | io_uring | io_uring Is Back, This Time as a Rootkit | MALWARE | ROOTKIT |
22.4.25 | SuperCard X Malware | A novel Android malware offered through a Malware-as-a-Service (MaaS) model, enabling NFC relay attacks for fraudulent cash-outs. | MALWARE | ANDROID |
18.4.25 | MysterySnail RAT | IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia | MALWARE | RAT |
18.4.25 | PAKLOG, CorKLOG, and SplatCloak (P2) | Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak (P2) | MALWARE | APT |
18.4.25 | ToneShell and StarProxy (P1) | Latest Mustang Panda Arsenal: ToneShell and StarProxy (P1) | MALWARE | APT |
18.4.25 | XorDDoS controller | Unmasking the new XorDDoS controller and infrastructure | MALWARE | DDoS |
16.4.25 | Android.Clipper | Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft? | MALWARE | Android |
16.4.25 | BPFDoor | BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets | MALWARE | Backdoor |
16.4.25 | SNOWLIGHT | According to sysdig, SNOWLIGHT is used as a dropper for its fileless payload (vshell). | MALWARE | Linux |
15.4.25 | ResolverRAT | New Malware Variant Identified: ResolverRAT Enters the Maze | MALWARE | RAT |
15.4.25 | CurlBack RAT | Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks | MALWARE | RAT |
12.4.25 | TsarBot | TsarBot: A New Android Banking Trojan Targeting Over 750 Banking, Finance, and Cryptocurrency Applications | MALWARE | Bot |
11.4.25 | SpyNote | Newly Registered Domains Distributing SpyNote Malware | MALWARE | Android RAT |
10.4.25 | GammaSteel | Shuckworm Targets Foreign Military Mission Based in Ukraine | MALWARE | PowerShell |
9.4.25 | TCESB | How ToddyCat tried to hide behind AV software | MALWARE | Rootkit |
9.4.25 | ClipBanker | Attackers distributing a miner and the ClipBanker Trojan via SourceForge | MALWARE | Trojan |
2.4.25 | Outlaw | Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective | MALWARE | Linux |
2.4.25 | HijackLoader | Analyzing New HijackLoader Evasion Tactics | Loader | |
2.4.25 | Anubis Backdoor | The Savage Ladybug, also known as FIN7, has developed a new, mildly obfuscated Python-based backdoor called Anubis Backdoor. This malware allows attackers to execute remote shell commands and other system operations, giving them full control over an infected machine. | Backdoor | |
1.4.25 | | To achieve persistence on infected systems, Water Gamayun employs two distinct backdoors in their campaigns. In earlier campaigns with encrypthub[.]net/org, they utilized the SilentPrism backdoor, a tool designed for stealthy access and control. In their latest campaign, we identified a new backdoor, which we have named DarkWisp. | Backdoor | |
1.4.25 | | The MSC EvilTwin loader represents a novel approach (CVE-2025-26633) to malware deployment by leveraging specially crafted Microsoft Saved Console (.msc) files. The MSC EvilTwin loader creates two directories: C:\Windows \System32<space>\ and C:\Windows<space>\System32\en-US. | Loader | |
1.4.25 | | SilentPrism is a backdoor malware designed to achieve persistence, dynamically execute shell commands, and maintain unauthorized remote control of compromised systems. | Backdoor | |
1.4.25 | | On July 26, 2024, security researcher Germán Fernández tweeted about a fake WinRAR website distributing various types of malware, including stealers, miners, hidden virtual network computing (hVNC), and ransomware, as shown. These malicious tools were hosted on a GitHub repository named "encrypthub," managed by a user called "sap3r-encrypthub". | Stealer | |
31.3.25 | | CISA analyzed three files obtained from a critical infrastructure’s Ivanti Connect Secure device after threat actors exploited Ivanti CVE-2025-0282 for initial access. One file—that CISA is calling RESURGE—has functionality similar to SPAWNCHIMERA in how it creates a Secure Shell (SSH) tunnel for command and control (C2). | ICS | |
29.3.25 | | Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices | ANDROID | |
28.3.25 | | ANALYSIS OF A DISCORD-BASED REMOTE ACCESS TROJAN (RAT) | RAT | |
28.3.25 | | Analysis of Konni RAT: Stealth, Persistence, and Anti-Analysis Techniques | RAT | |
28.3.25 | SnakeKeylogger | SnakeKeylogger – A Multistage Info Stealer Malware Campaign | MALWARE | Keylogger |
28.3.25 | CoffeeLoader | CoffeeLoader: A Brew of Stealthy Techniques | MALWARE | Loader |
28.3.25 | PJobRAT | PJobRAT makes a comeback, takes another crack at chat apps | MALWARE | ANDROID RAT |
28.3.25 | EDRKillShifter | Shifting the sands of RansomHub’s EDRKillShifter | MALWARE | Tool |
25.3.25 | Raspberry Robin | Raspberry Robin: Copy Shop USB Worm Evolves to Initial Access Broker Enabling Other Threat Actor Attacks | MALWARE | Worm |
21.3.25 | Bloody Wolf | The notorious cluster changes its toolkit by switching from malware to a legitimate remote administration tool | MALWARE | Toolkit |
21.3.25 | ABYSSWORKER | Shedding light on the ABYSSWORKER driver | MALWARE | Driver |
21.3.25 | Arcane stealer | What’s intriguing about this malware is how much it collects. It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla and DynDNS. The stealer was named Arcane, not to be confused with the well-known Arcane Stealer V. | MALWARE | Stealer |
20.3.25 | Paragon's Android Spyware | Virtue or Vice? A First Look at Paragon’s Proliferating Spyware Operations | MALWARE | Android |
20.3.25 | PEAKLIGHT | PEAKLIGHT: Decoding the Stealthy Memory-Only Malware | MALWARE | DROPPER |
20.3.25 | ClearFake | ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery | MALWARE | JAVASCRIPT |
18.3.25 | StilachiRAT | StilachiRAT analysis: From system reconnaissance to cryptocurrency theft | MALWARE | RAT |
16.3.25 | StealBit | THREAT ANALYSIS REPORT: Inside the LockBit Arsenal - The StealBit Exfiltration Tool | MALWARE | TOOL |
14.3.25 | MassJacker | Captain MassJacker Sparrow: Uncovering the Malware’s Buried Treasure | MALWARE | Cryptojacking |
14.3.25 | OBSCURE#BAT | Analyzing OBSCURE#BAT: Threat Actors Lure Victims into Executing Malicious Batch Scripts to Deploy Stealthy Rootkits | MALWARE | Rootkit |
13.3.25 | KoSpy | Lookout Discovers New Spyware by North Korean APT37 | MALWARE | Spyware |
8.3.25 | BADBOX 2.0 | Satori Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes | MALWARE | Android |
8.3.25 | Zloader 2.9.4.0 | Inside Zloader’s Latest Trick: DNS Tunneling | Loader | |
8.3.25 | Skuld stealer | TMPN (Skuld) Stealer: The dark side of open source | MALWARE | Stealer |
8.3.25 | Trojan-Downloader.Win32.TookPS | Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity | MALWARE | AI |
8.3.25 | Ragnar Loader | (a.k.a Sardonic Backdoor) is a sophisticated toolkit of the Monstrous Mantis | MALWARE | Loader |
7.3.25 | Cobalt Strike kit | Unmasking the new persistent attacks on Japan | Kit | |
7.3.25 | EncryptRAT | Unveiling EncryptHub: Analysis of a multi-stage malware campaign | MALWARE | RAT |
6.3.25 | Poco RAT | The evolution of Dark Caracal tools: analysis of a campaign featuring Poco RAT | MALWARE | RAT |
5.3.25 | Typosquatted | Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS Systems | MALWARE | Go |
5.3.25 | BackConnect | Qbot is Back.Connect | MALWARE | Stealer |
5.3.25 | Polyglot Malware | Call It What You Want: Threat Actor Delivers Highly Targeted Multistage Polyglot Malware | MALWARE | Go |
5.3.25 | clipper malware | Infostealer Campaign against ISPs | MALWARE | Infostealer |
4.3.25 | Havoc | Havoc: SharePoint with Microsoft Graph API turns into FUD C2 | MALWARE | Loader |
27.2.25 | CleverSoar | New “CleverSoar” Installer Targets Chinese and Vietnamese Users | MALWARE | Rootkit |
27.2.25 | ValleyRAT | ValleyRAT Insights: Tactics, Techniques, and Detection Methods | MALWARE | RAT |
27.2.25 | Winos 4.0 | Winos 4.0 Spreads via Impersonation of Official Email to Target Users in Taiwan | MALWARE | MALWARE |
27.2.25 | TgToxic | Android trojan TgToxic updates its capabilities | MALWARE | Android |
26.2.25 | Auto-Color | Auto-Color: An Emerging and Evasive Linux Backdoor | MALWARE | Linux |
26.2.25 | LightSpy | LightSpy Expands Command List to Include Social Media Platforms | MALWARE | Spyware |
25.2.25 | HiddenGh0st RAT | Silent Killers: Unmasking a Large-Scale Legacy Driver Exploitation Campaign | MALWARE | RAT |
24.2.25 | ACRStealer | ACRStealer Infostealer Exploiting Google Docs as C2 | MALWARE | Stealer |
22.2.25 | NailaoLocker | Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors | MALWARE | Backdoor |
22.2.25 | Shadowpad | Updated Shadowpad Malware Leads to Ransomware Deployment | MALWARE | Backdoor |
20.2.25 | XLoader | XLoader Executed Through JAR Signing Tool (jarsigner.exe) | MALWARE | Loader |
20.2.25 | StaryDobry | StaryDobry ruins New Year’s Eve, delivering miner instead of presents | MALWARE | Cryptominer |
20.2.25 | Snake Keylogger | FortiSandbox 5.0 Detects Evolving Snake Keylogger Variant | MALWARE | Keylogger |
20.2.25 | JS to C2 | javascript-to-command-and-control-c2-server-malware | MALWARE | JavaScript |
18.2.25 | FrigidStealer | An Update on Fake Updates: Two New Actors, and New Mac Malware | MALWARE | MacOS |
18.2.25 | ELF/Sshdinjector.A!tr | Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst | MALWARE | Linux |
18.2.25 | DEATHLOTUS | A passive CGI backdoor that supports file creation and command execution | MALWARE | Backdoor |
18.2.25 | UNAPIMON | A defense evasion utility written in C++ | MALWARE | Utility |
18.2.25 | PRIVATELOG | A loader that's used to drop Winnti RAT (aka DEPLOYLOG) which, in turn, delivers a kernel-level rootkit named WINNKIT by means of a rootkit installer | MALWARE | Rootkit |
18.2.25 | CUNNINGPIGEON | A backdoor that uses Microsoft Graph API to fetch commands – file and process management, and custom proxy – from mail messages | MALWARE | Backdoor |
18.2.25 | WINDJAMMER | A rootkit with capabilities to intercept TCPIP Network Interface, as well as create covert channels with infected endpoints within intranet | MALWARE | Rootkit |
18.2.25 | SHADOWGAZE | A passive backdoor reusing listening port from IIS web server | MALWARE | Backdoor |
18.2.25 | XCSSET | Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that targets users by infecting Xcode projects, in the wild. | MALWARE | MacOS |
18.2.25 | Golang Backdoor | Telegram Abused as C2 Channel for New Golang Backdoor | MALWARE | Backdoor |
10.2.25 | FINALDRAFT | From South America to Southeast Asia: The Fragile Web of REF7707 | MALWARE | Malware |
10.2.25 | NAPLISTENER | NAPLISTENER: more bad dreams from developers of SIESTAGRAPH | MALWARE | Malware |
10.2.25 | BadIIS | This blog post details our analysis of an SEO manipulation campaign targeting Asia. We also share recommendations that can help enterprises proactively secure their environment. | MALWARE | Malware |
10.2.25 | ASPXSpy | ASPXSpy is a Web shell. It has been modified by Threat Group-3390 actors to create the ASPXTool version. | MALWARE | Malware |
10.2.25 | Malicious ML models | Malicious ML models discovered on Hugging Face platform | MALWARE | AI |
10.2.25 | ValleyRAT | Rat Race: ValleyRAT Malware Targets Organizations with New Delivery Techniques | MALWARE | RAT |
10.2.25 | Sliver | Not-so-SimpleHelp exploits enabling deployment of Sliver backdoor | MALWARE | Backdoor |
10.2.25 | SparkCat | Take my money: OCR crypto stealers in Google Play and App Store | MALWARE | Android |
5.2.25 | RDP Wrapper | Persistent Threats from the Kimsuky Group Using RDP Wrapper | MALWARE | Wrapper |
5.2.25 | AsyncRAT | AsyncRAT Reloaded: Using Python and TryCloudflare for Malware Delivery Again | MALWARE | RAT |
5.2.25 | FERRET | macOS FlexibleFerret: Further Variants of DPRK Malware Family Unearthed | MALWARE | macOS |
5.2.25 | boltdb-go | Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence | MALWARE | GO Backdoor |
5.2.25 | Coyote Banking Trojan | Coyote Banking Trojan: A Stealthy Attack via LNK Files | MALWARE | Banking |
27.1.25 | MintsLoader: StealC | MintsLoader: StealC and BOINC Delivery | MALWARE | Loader |
25.1.25 | TorNet | New TorNet backdoor seen in widespread campaign | MALWARE | Backdoor |
10.1.25 | Banshee Stealer | Cracking the Code: How Banshee Stealer Targets macOS Users | MALWARE | MacOS |
10.1.25 | NonEuclid RAT | The NonEuclid Remote Access Trojan (RAT) is a type of malicious software that enables unauthorised remote access and control of a victim’s computer, often without their awareness. | MALWARE | RAT |
2.1.25 | Quasar RAT | Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts | MALWARE | RAT |