● 80 entries
Malware
- Adware: Software that automatically displays, injects, or redirects to advertisements, often bundled with free software and frequently tracking user behavior.
- Agent Tesla: A .NET-based remote access trojan and information stealer active since 2014, sold openly as a commercial product and distributed primarily through phishing emails carrying malicious Office documents and archive attachments.
- Akira Ransomware: A double-extortion ransomware-as-a-service operation first observed in March 2023, known for retro-styled leak sites and Cisco VPN intrusions.
- Backdoor: A covert mechanism that bypasses normal authentication or access controls to give an attacker future entry to a system.
- Banking Trojan: Malware designed to steal online-banking credentials and authorize fraudulent transactions, typically through web injects, form grabbing, or overlays.
- BIOS Rootkit: A rootkit that infects legacy BIOS firmware so it executes before the operating system, achieving deep persistence below the OS.
- BlackEnergy: A modular malware family used by the Russian Sandworm group for espionage and destructive attacks, including the December 2015 Ukrainian power-grid blackout.
- Boot Sector Virus: A virus that infects the boot sector or master boot record of a disk so it runs before the operating system loads.
- Bootkit: Malware that infects the boot process — MBR, VBR, or UEFI — to load before the operating system and obtain persistent, privileged control.
- Botnet: A network of internet-connected devices infected with malware and remotely controlled by an attacker to perform coordinated activities.
- Browser Hijacker: Software that alters browser settings without user consent to redirect traffic, change the homepage and search engine, or inject unwanted ads.
- Carbanak: A financially motivated APT and malware family active since at least 2013 that targeted banks, payment processors and hospitality, estimated to have stolen around 1 billion USD.
- Cl0p / Clop Ransomware: A ransomware and data-extortion crew tracked as TA505 / FIN11 that mass-exploited file transfer zero-days, most notably MOVEit Transfer in 2023.
- Command and Control (C2): The infrastructure and channels attackers use to maintain communication with compromised systems and send them instructions.
- Computer Virus: Malicious code that inserts copies of itself into other programs or files and executes when the host is run.
- Computer Worm: Self-replicating malware that propagates across networks autonomously, without requiring a host file or user interaction.
- Credential Stealer: Malware focused specifically on extracting passwords, hashes, and authentication tokens from an infected system or its memory.
- Cryptojacking: The unauthorized use of someone else's computing resources to mine cryptocurrency, typically via malware or malicious browser scripts.
- Cryptominer: Software that performs cryptocurrency mining; malicious variants run without consent and divert host resources to attacker-controlled wallets.
- DarkSide Ransomware: A Russian-speaking ransomware-as-a-service operation, active 2020-2021, best known for the May 2021 Colonial Pipeline attack that disrupted US fuel supply.
- Downloader: Lightweight malware whose main function is to retrieve and execute additional malicious payloads from a remote server.
- Doxware: Malware that threatens to publish stolen sensitive data unless a ransom is paid, combining extortion with data-leak blackmail.
- Dropper: Malware whose role is to install ("drop") another malicious payload onto a target system, often after evading initial detection.
- Emotet: A modular banking trojan turned malware-as-a-service loader that delivered ransomware affiliates and was taken down by international law enforcement in January 2021.
- Equation Group: A sophisticated cyber-espionage actor publicly documented by Kaspersky in 2015 and widely attributed to the US NSA, known for firmware implants and Stuxnet-related tooling.
- Fileless Malware: Malware that runs primarily in memory and leverages trusted system tools, avoiding the use of traditional executable files on disk.
- Firmware Malware: Malicious code that lives in device firmware — BIOS/UEFI, network cards, drives, or peripherals — surviving OS reinstalls and most endpoint defences.
- Fork Bomb: A denial-of-service technique in which a process repeatedly forks itself, exhausting process tables, memory, and CPU on the host.
- GootLoader: A long-running JavaScript-based initial-access loader operated by UNC2565, dropped via SEO-poisoned legal/contract template downloads and used to stage REvil, Cobalt Strike, IcedID, and ransomware affiliates.
- Greyware: Software that sits in a grey area between legitimate and malicious — annoying, intrusive, or risky, but not clearly designed to harm the user.
- Hive Ransomware: A prolific ransomware-as-a-service operation active 2021-2023 that targeted healthcare and critical infrastructure before the FBI covertly infiltrated it in late 2022.
- IcedID / BokBot: A modular banking trojan and loader first seen in 2017 that became a primary precursor to ransomware deployments by groups like Conti and Quantum.
- Info Stealer: Malware that harvests credentials, cookies, tokens, crypto wallets, and other sensitive data from an infected device and exfiltrates it to the attacker.
- Keylogger: Software or hardware that records the keystrokes a user types, used to steal passwords, financial data, or messages.
- Loader: Malware that prepares the environment and loads further payloads — often directly into memory — for a subsequent stage of an attack.
- Locky Ransomware: A prolific 2016 ransomware family distributed mainly through malicious Office attachments that encrypted files and renamed them with a .locky extension.
- Logic Bomb: Malicious code that lies dormant inside a program and activates its payload only when a specific logical condition is met.
- Lumma Stealer: A subscription-priced Russian-speaking malware-as-a-service info-stealer that emerged in 2022 and became one of the top-three stealers worldwide by 2024, distributed primarily via ClickFix lures and crack sites.
- Macro Virus: A virus written in the macro language of an office application that runs when an infected document is opened and macros are enabled.
- Malware: Any software intentionally designed to disrupt, damage, or gain unauthorized access to computers, networks, or data.
- Maze Ransomware: A 2019-2020 ransomware operation that pioneered double-extortion, encrypting victims while threatening to publish stolen data on a dedicated leak site.
- Medusa Ransomware: A ransomware-as-a-service operation active since 2021 that uses double extortion, a public 'Medusa Blog' leak site, and frequently targets healthcare and education.
- Metamorphic Malware: Malware that fully rewrites its own code on each propagation, producing semantically equivalent but structurally different binaries.
- Mobile Malware: Malicious software that targets smartphones and tablets to steal data, intercept communications, mine cryptocurrency, or perform financial fraud.
- Non-Resident Virus: A virus that does not stay in memory after execution; it searches for and infects target files only while the host program runs, then exits.
- NotPetya: A June 2017 destructive wiper masquerading as ransomware, spread via a backdoored M.E.Doc update and attributed to Russia's Sandworm.
- Payload: The part of an exploit, malware, or attack that actually performs the malicious action, such as encrypting files, opening a backdoor, or stealing data.
- Play Ransomware: A double-extortion ransomware group, also known as PlayCrypt, active since mid-2022 and notable for exploiting Microsoft Exchange and Fortinet vulnerabilities.
- Polymorphic Malware: Malware that changes its on-disk appearance — typically via re-encryption or packing — for each infection, while keeping its core logic intact.
- Potentially Unwanted Program (PUP): Software that is not strictly malicious but installs without clear consent, behaves intrusively, or degrades user experience — for example, bundled toolbars, adware, or aggressive optimizers.
- QakBot / QBot: A long-running banking trojan and ransomware loader disrupted by the FBI's Operation Duck Hunt in August 2023, with operators resurfacing months later.
- Raccoon Stealer: A long-running malware-as-a-service info-stealer first seen in 2019; its operator was arrested in 2022 and the project was restarted as Raccoon v2, then progressively eclipsed by Lumma and RedLine.
- Ransomware: Malware that encrypts a victim's data or locks systems and demands payment in exchange for restoring access.
- Ransomware-as-a-Service (RaaS): A criminal business model in which ransomware operators rent their malware and infrastructure to affiliates who carry out attacks and share the proceeds.
- RedLine Stealer: A subscription Windows info-stealer that dominated 2020–2023 cybercrime markets, harvesting browser secrets, crypto wallets, and FTP/VPN credentials; its infrastructure was disrupted by Operation Magnus in October 2024.
- Remote Access Trojan (RAT): Malware that gives an attacker covert, interactive control of an infected device, similar to a hidden remote-administration tool.
- Resident Virus: A virus that installs itself in memory so it can run continuously and infect files or processes long after its host program has exited.
- Rhysida Ransomware: A ransomware-as-a-service group first observed in May 2023, known for targeting healthcare, education, and government victims and for high-profile attacks including the British Library and Insomniac Games breaches.
- Rogue Security Software: Fake antivirus or system-cleaning software that pretends to find threats and demands payment to fix them, while often installing real malware itself.
- Rootkit: Stealth malware that grants and hides privileged access to an operating system or device, evading detection by standard tools.
- Royal Ransomware: A high-impact ransomware family that emerged from former Conti members in early 2022, hit hundreds of U.S. critical-infrastructure victims, and rebranded to BlackSuit in mid-2023 after the City of Dallas attack.
- Ryuk Ransomware: A targeted ransomware family operated by WIZARD SPIDER from 2018 onward that extracted large ransoms from enterprises, hospitals and local governments via TrickBot intrusions.
- Sandworm Team: Russian GRU Unit 74455 (APT44), responsible for NotPetya, Ukrainian power-grid attacks, and the Olympic Destroyer campaign against the 2018 PyeongChang Games.
- Scareware: Malicious software or web content that uses fake alarming messages to scare victims into installing junk software, paying for fake services, or calling fraudsters.
- Screen Scraper: Malware or surveillance code that captures images of a victim's screen or extracts text from it to harvest data displayed on-screen.
- Shadow Brokers Leak: A 2016-2017 series of leaks by a group calling itself 'The Shadow Brokers' that publicly dumped NSA-linked offensive cyber tools, including EternalBlue.
- SocGholish: A JavaScript-based fake-browser-update loader operated by TA569, served from thousands of compromised WordPress sites and used as the initial-access stage for ransomware affiliates including Evil Corp and BlackCat.
- Spyware: Malware that secretly collects information about a user, device, or organization and sends it to an external party.
- Stealth Malware: Malware specifically engineered to evade detection by users, security tools, and forensic investigators through hiding, mimicry, and anti-analysis tricks.
- Time Bomb: A type of logic bomb whose triggering condition is a specific date, time, or elapsed interval rather than another logical event.
- Trackware: Software that monitors and reports on user activity — sites visited, apps used, keystrokes, or location — typically for advertising, analytics, or stalking.
- TrickBot: A modular banking trojan and post-exploitation framework operated by the WIZARD SPIDER crew that paved the way for Ryuk, Conti and Diavol ransomware.
- Trojan Horse: Malware that disguises itself as a legitimate program to trick users into running it, delivering a hidden malicious payload.
- UEFI Rootkit: A rootkit implanted in UEFI firmware that loads before the OS, persists across disk wipes, and bypasses most endpoint security.
- Vidar Stealer: A long-running C++ Windows info-stealer derived from the older Arkei family, active since 2018 and still distributed in 2024–2025 via cracks, malvertising, and ClickFix lures.
- Wabbit: A self-replicating program that stays on a single host and exhausts its resources by spawning endless copies of itself, without spreading over the network.
- WannaCry: A May 2017 self-propagating ransomware worm that used the leaked NSA SMBv1 exploit EternalBlue to encrypt files on over 200,000 systems in 150 countries.
- Wiper Malware: Destructive malware whose primary goal is to irreversibly erase or corrupt data, firmware, or boot records — not financial gain.
- XWorm: A modular .NET remote-access trojan that emerged in 2022 and became one of the most distributed commodity RATs of 2024–2025, sold openly to low-skill operators and shipped via every common phishing and loader vector.
- Zombie Computer: An internet-connected device secretly compromised by malware so an attacker can remotely command it, typically as part of a botnet.