Duke is the general name for malware toolsets used by the APT29 APT (Advanced Persistent Threat) actor, also known as The Dukes, Cloaked Ursa, CozyBear, Nobelium, and UNC2452. APT29 is a Russian state-sponsored group associated with the Foreign Intelligence Service of the Russian Federation (SVR R
StandartInitiator is an adware-type application that we discovered while investigating new submissions to the VirusTotal website. This piece of advertising-supported software is part of the AdLoad malware family. StandartInitiator is designed to run intrusive advertisement campaigns by feeding u
"Stalled Funds - United Bank Of Africa" is a phishing email targeting recipients' personally identifiable and financial information. The letter aims to extract the highly sensitive data by falsely claiming that a nonexistent payment to the recipient, which has been unjustly stalled, will be transf
JanelaRAT is a Remote Access Trojan (RAT). It is a piece of sophisticated malicious software designed to enable remote access and control over compromised machines. JanelaRAT has been observed being implemented in attacks targeting Latin American banking and financial institutions. Based on the u
Our researchers found the Taqw ransomware-type program during a routine inspection of new submissions to VirusTotal. This piece of malicious software is part of the Djvu ransomware family. Programs within the ransomware classification are designed to encrypt data and demand payment for its decrypt
Agniane is a stealer – a type of malware designed to extract and exfiltrate sensitive information from infected machines. This stealer is heavily focused on stealing cryptocurrency-related data. After infiltrating a system, Agniane begins collecting device data, e.g., device name, CPU, GPU
NightClub is the name of a malware that has spyware and data-stealing capabilities. This program has at least four versions, with the earliest variant dating back to 2014. NightClub malware is used by a threat actor dubbed MoustachedBouncer. This group has been around for nearly a decade and almo
We discovered the MotionOptimizer application during a routine investigation of new submissions to the VirusTotal site. Our analysis revealed that this app is advertising-supported software (adware) and that it belongs to the AdLoad malware family. Adware is designed to generate revenue
XI New Tab is a rogue extension promising to display browser wallpapers. Our research team discovered it while investigating untrustworthy websites. After analyzing XI New Tab, we learned that it makes modifications to browser settings in order to promote (through redirects) the xitabs.com fake s
Knight ransomware is the rebrand of Cyclops. Malware within this classification is designed to encrypt files and demand ransoms for their decryption. When we executed a sample of Knight on our test system, it began encrypting files and appended their filenames with a ".knight_l" extension. For ex