This list contains the top 10 malware and ransomware families detected by Netskope targeting users in Japan in the last 12 months:
Backdoor.Zusy (a.k.a. TinyBanker) is a banking Trojan based on the source code of Zeus, aiming to steal personal information via code injection into websites.
Infostealer.Azorult (a.k.a. PuffStealer) is a malware that aims to steal sensitive information such as account passwords. In March 2024, a campaign tracked by Netskope Threat Labs delivered Azorult via Google Slides and HTML smuggling.
Infostealer.QakBot (a.k.a. Quakbot, QBot) is a modular malware, active since 2007, capable of stealing sensitive financial data from infected systems, often delivered via malicious documents.
RAT.ComRAT is a second-stage implant used by the Turla threat group. The first version of ComRAT was identified in 2007. The malware can send information to the attacker and receive commands to be executed.
RAT.NetWiredRC (a.k.a. NetWire RC) is a malware associated with APT33, aimed to provide remote access and steal sensitive information, like passwords.
RAT.NjRAT (a.k.a. Bladabindi) is a remote access Trojan with many capabilities, including logging keystrokes, stealing credentials from browsers, accessing the victim’s camera, and managing files.
RAT.Remcos is a remote access Trojan that provides an extensive list of features to remotely control devices, and it’s popularly abused by many attackers.
Trojan.ModernLoader (a.k.a Avatar Bot) is a malware able to collect basic system information as well as deliver multiple malwares to the infection system, such as cryptominers and RATs.
Trojan.Ursnif (a.k.a. Gozi) is a banking Trojan and backdoor, whose source code was leaked on GitHub in 2005, allowing attackers to create and distribute many variants.
Trojan.Valyria (a.k.a. POWERSTATS) is a family of malicious Microsoft Office documents that contain embedded malicious VBScripts, usually to deliver other malicious payloads.