Read our hand-picked selection of the latest security articles in which botnets and RATs make frequent appearances. Despite the changes in the industry earlier this year when Coinhive closed shop, cryptominers are also still a menace.

For more articles, check out our #onpatrol4malware blog.

Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”

Source: Talos

A new threat actor named “Panda” has generated thousands of dollars worth of the Monero cryptocurrency through the use of RATs. Read more.

Hello! My name is Dtrack

Source: SecureList

Our investigation into the Dtrack RAT actually began with a different activity. In the late summer of 2018, we discovered ATMDtrack, a piece of banking malware targeting Indian banks. Read more.

World’s most destructive botnet returns with stolen passwords and email in tow

Source: Ars Technica

If you’ve noticed an uptick of spam that addresses you by name or quotes real emails you’ve sent or received in the past, you can probably blame Emotet. Read more.

New Phishing Campaign Targets U.S. Taxpayers by Dropping Amadey Botnet

Source: Cofense

The Cofense Phishing Defense Center™ has detected a new wave of attacks targeting the US taxpayer by delivering Amadey botnet via phishing emails. Read more.


The Massive Propagation of the Smominru Botnet

Source: Guardicore

Guardicore Labs has been tracking the Smominru botnet and its different variants – Hexmen and Mykings – since 2017. Read more.

Malware Used by BlackTech after Network Intrusion

Source: JPCert

We have been seeing that a new malware variant is being used after they successfully intruded into a target network. This article explains the details of the variant. Read more.


Hagga of SectorH01 continues abusing Bitly, Blogger and Pastebin to deliver RevengeRAT and NanoCore

Source: NSHC

Their activities were first discovered in 2017, and the ThreatRecon Team tracks both this group and the members behind “Hagga” collectively as the SectorH01 group. Read more.


DNSSEC fueling new wave of DNS amplification attacks

Source: Help Net Security

DNS amplification attacks swelled in the second quarter of this year, with the amplified attacks spiking more than 1,000% compared with Q2 2018, according to Nexusguard. Read more.


Nemty Ransomware 1.0: A Threat in its Early Stage

Source: Fortinet

FortiGuard Labs was investigating the Sodinokibi ransomware family, when we came across the newly discovered Nemty Ransomware. Read more.

Gootkit malware crew left their database exposed online without a password

Source: ZDNet

We’ll be using the name Gootkit to refer to both the malware and the criminal group behind it. Read more.


Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload

Source: Trend Micro

Cryptocurrency-mining malware is still a prevalent threat, as illustrated by our detections of this threat in the first half of 2019. Read more.

MobiHok RAT, a new Android malware based on old SpyNote RAT

Source: Security Affairs

A new Android malware has appeared in the threat landscape. Tracked as MobiHok RAT, it borrows the code from the old SpyNote RAT. Read more.

Astaroth Uses Facebook and YouTube within Infection Chain

Source: Cofense

Cofense Intelligence™ has identified a phishing campaign targeting Brazilian citizens with the Astaroth Trojan in which Facebook and YouTube profiles are used in support of the infection. Read more.

Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study

Source: McAfee

Historically, sandboxes had allowed researchers to visualize the behavior of malware accurately within a short period of time. Read more.


Newly Discovered Infostealer Attack Uses LokiBot

Source: Fortinet

The FortiGuard Labs SE team identified a new malicious spam campaign on August 21st, which we discovered after an analysis of information initially found on VirusTotal. Read more.


Dissecting the 10k Lines of the new TrickBot Dropper

Source: Yoroi

TrickBot is one of the best-known banking Trojans, which has been infecting victims since 2016; it is considered a cyber-crime tool. Read more.