THREAT DESCRIPTIONS

Technical details and removal instructions for malicious threats identified by Labs

Listed below are the most recently published Threat Descriptions,
with technical details and removal instructions for threats that affect computers and mobile devices.

PC Threats

Trojan-Downloader:JS/Locky

Trojan-Downloader:JS/Locky is ransomware that encrypts files saved on the machine and demands payment of a ransom in order to obtain the decryption key needed to restore normal access to the affected files.

Trojan-Downloader:W97M/Dridex

Trojan-Downloader:W97M/Dridex is a document file containing maliciously crafted macro code that, when allowed to run on a user's machine, drops a file onto the system. The dropped file attempts to contact a remote server.

Trojan.GenericKD.3016333

Trojan.GenericKD.3016333 is ransomware that encrypts files stored on the affected device and demands payment of a ransom.

Trojan:W32/Nymaim

Trojan:W32/Nymaim is ransomware that is also capable of downloading additional malware onto the affected device.

Trojan:W32/Bedep

Trojan:W32/Bedep engages in advertising fraud by forcing the affected device to visit unsolicited websites. These sites typically generate profit from displaying advertising content, which increases with a higher volume of web traffic.

Trojan:W32/Zanjif

Trojan:W32/Zanjif steals information, such as login credentials, from the compromised device.

Trojan:W32/Vawtrak

Trojan:W32/Vawtrak steals login credentials stored on or transmitted by the affected device.

Trojan:W32/Ursnif

Trojan:W32/Ursnif steals bank account numbers, credit card information, and online login credentials.

Trojan:W32/Tinba

Trojan:W32/Tinba steals banking and personal information by tricking the user into entering their sensitive details into a fake but legitimate-looking web form.

Trojan:W32/NomadSnore

Trojan:W32/NomadSnore is ransomware that encrypts files stored on the affected machine, then demands payment of a ransom in order to decrypt the files. It is notable for being the first ransomware to be written entirely in JavaScript.

Trojan:W32/Dllpatcher.A

Trojan:W32/Dllpatcher modifies the Windows dnsapi.dll module so that it points to a new hosts file the trojan creates, which contains additional hostnames and IP addresses.

Backdoor:Java/Adwind

Backdoor:Java/Adwind is a Java archive (.JAR) file that drops a malicious component onto the machine and runs as a backdoor. When active, it is capable of stealing user information and may also be used to distribute other malware.

Worm:W32/Ippedo

The detection Worm:W32/Ippedo identifies the malicious shortcut (.LNK) files used by the Ippedo worm to lure users into unwittingly launching its malicious code.

Exploit:W32/WormLink

Exploit:W32/WormLink is a Generic Detection for malicious shortcut (.LNK) files embedded in a document file that can exploit the CVE-2010-2568 vulnerability in various versions of Windows.

Trojan:W32/Nitol

Trojan:W32/Nitol is used to deliver an embedded component file (separately detected as Generic.Malware.Fdld.93A4F545) that checks the affected machine to see if it is running a server-related operating system; if so, the component contacts a command and control server and provides functionality to remotely download and execute other malware on the machine.

Trojan-Downloader:W32/Kavala

Trojan-Downloader:W32/Kavala contacts a remote server and downloads additional files onto the affected machine.

Trojan:W97M/MaliciousMacro

Trojan:W97M/MaliciousMacro is a macro program that has been embedded in a specially-crafted Microsoft Word document. If the user unwittingly opens the Word file, the macro is automatically run and its payload is executed.

Worm:W32/Njw0rm

Worm:W32/Njw0rm is a detection for maliciously modified shortcut (.LNK) files that are designed to trick users into unwittingly launching the NjW0rm file.

Worm:W32/Dorkbot

Worm:W32/Dorkbot is a detection for maliciously modified shortcut (.LNK) files that are designed to trick users into unwittingly launching the Dorkbot worm.

Trojan:W32/BandarChor

Trojan:W32/BandarChor is ransomware that steals control of the user's machine or data, then demands a payment from the user to restore normal access to the ransomed content or system.

Adware:W32/Superfish

Adware:W32/Superfish is a program pre-installed on some Lenovo consumer laptop models that surreptitiously inserts advertisements into webpages by either injecting JavaScript into non-encrypted web traffic or, for encrypted traffic, by using a self-signed root certificate that misrepresents itself as the official certificate of the website being viewed.

CTB-Locker

CTB-Locker is ransomware that encrypts files on the affected machine and demands payment in return for the decryption key needed to restore access to the files.

Exploit:SWF/CVE-2014-0515

Exploit:SWF/CVE-2014-0515 is an exploit for the CVE-2014-8439 vulnerability found in unpatched versions of Adobe Flash Player.

Rootkit:W32/Regin

Rootkit:W32/Regin is a complex espionage toolkit used to keep itself and other malicious components from being detected on an infected system. This malware has reportedly been used to target a variety of organizations around the world.

Backdoor:W32/OnionDuke

Backdoor:W32/OnionDuke (both A and B variants) are DLL files dropped by Trojan-Dropper:W32/OnionDuke and used to download and execute additional malicious components on the affected system.

Exploit:iPhoneOS/CVE-2014-4377

Exploit:iPhoneOS/CVE-2014-4377 identifies a maliciously crafted PDF document that attempts to exploit the CVE-2014-4377 vulnerability in iOS 7.1.x; successful exploitation would allow an attacker to remotely execute arbitrary code on the affected device.

Trojan-Downloader:W32/Wauchos

Trojan-Downloader:W32/Wauchos connects to remote servers and downloads additional malware onto the infected machine.

Backdoor:OSX/Iworm

Backdoor:OSX/Iworm connects affected Mac OS X machines to a botnet and is capable of executing a range of commands. At the time of writing, there have been no reports of the Iworm botnet being used for malicious activities.

Backdoor:W32/BlackEnergy

Backdoor:W32/BlackEnergy is a crimeware toolkit that has been modified for use in information gathering in advanced persistent threat (APT) attacks.

Backdoor:Linux/Shellshock.A

Backdoor:Linux/Shellshock.A identifies files that attempt to exploit the CVE-2014-6271 vulnerability reported in Bash software. If successfully exploited, this vulnerability could allow remote attackers to execute code on the affected system. This vulnerability affects Unix-based operating systems, including Linux and Mac OS X.

Trojan-Spy:W32/FinSpy.A

Trojan-Spy:W32/FinSpy.A is a component of a commercial surveillance product that monitors user activity. Variants of FinSpy also exist on other platforms.

Backdoor:OSX/XSLCmd

Once installed on a system, Backdoor:OSX/XSLCmd waits for instructions from a remote server and executes them on the infected machine.

Trojan:W32/Cryptowall

Trojan:W32/Cryptowall is ransomware that silently encrypts files on the user's machine and demands a ransom in return for the decryption key needed to decrypt the files.

Cryptolocker

Cryptolocker encrypts files on the compromised computer and demands a ransom to provide the decryption key needed to decrypt the files.

Trojan-Dropper:W32/CosmicDuke

Trojan-Dropper:W32/CosmicDuke steals information from an infected system using keylogging and screen captures, and by stealing file and clipboard data. Harvested data is forwarded to a remote server via FTP.

Backdoor:W32/Havex

Havex is a Remote Access Tool (RAT) used in targeted attacks. Once present on a machine, it scans the system and connected resources for information that may be of use in later attacks; the collected data is forwarded to remote servers.

Application:W32/InstallBrain

InstallBrain is an updater service that runs in the background and periodically updates associated browser plug-ins and add-ons.

Trojan:HTML/Browlock

Trojan:HTML/Browlock is ransomware that prevents users from accessing the infected machine's Desktop; it then demands payment, supposedly for either possession of illegal material or usage of illegal software.

Trojan-Downloader:W32/Mevade

Trojan-Downloader:W32/Mevade.A reportedly downloads adware onto the affected system.

Trojan-Downloader:W32/JQAC

This trojan-downloader attempts to connect to a remote server and download additional files onto the affected machine.

Trojan.Java.Agent.I

Trojan.Java.Agent.I is a trojan-dropper written in Java. On execution, the malware drops and runs an executable file.

Trojan.Iframe.BMY

Trojan.Iframe.BMY (and the similar Trojan.JS.Iframe.CVT and Trojan.Iframe.BZW detections) identify webpages that contain a suspicious hidden iframe appended to the end of their HTML code.

Trojan-Dropper:OSX/Revir.D

Trojan-Dropper:OSX/Revir.D silently drops other malicious programs onto the machine; on execution, Revir.D opens a decoy file to distract the user from the program's malicious activities.

Backdoor:OSX/Imuler.B

Backdoor:OSX/Imuler.B contacts a remote server for instructions; it may then steal files or capture a screenshot of the infected computer system, which is later forwarded to the remote server.

Exploit:W32/CVE-2011-3402.A

Exploit:W32/CVE-2011-3402.A is a Generic Detection that identifies malicious files which exploit a known vulnerability in various Windows operating system versions.

Exploit:Java/Majava.B

Exploit:Java/Majava.B identifies malicious files that exploit vulnerabilities in the Java Runtime Environment (JRE).

Exploit:W32/CVE-2010-0188.C

Exploit:W32/CVE-2010-0188.C identifies malicious PDF files downloaded by the Blackhole exploit kit that exploit a known vulnerability.

Exploit:Java/CVE-2012-5076.B

Exploit:Java/CVE-2012-5076.B is a Generic Detection that identifies Java exploits.

Exploit:Java/Majava.A

Exploit:Java/Majava.A is a Generic Detection that identifies Java exploits.

Exploit:W32/CVE-2010-0188.B

Exploit:W32/CVE-2010-0188.B identifies malicious PDF files downloaded by the Blackhole exploit kit that exploit a known vulnerability.

Exploit:Java/CVE-2012-4681.H

Exploit:Java/CVE-2012-4681.H identifies malicious Java Archive (JAR) files that exploit a known vulnerability.

Flame

Flame is a sophisticated information-gathering program used in targeted cyber-attacks against organizations and nation states in the Middle East.

Trojan:W32/Patched

Trojan:W32/Patched identifies Windows components that have been 'patched' by a malicious application, usually to facilitate the malware's operations. The affected component and the purpose of the patching vary depending on the malware in question.

Rootkit:W32/ZAccess

Rootkit:W32/ZAccess constantly displays advertisements on the infected machine and may silently contact remote servers to retrieve additional advertising information.

Backdoor:OSX/MacKontrol.A

Backdoor:OSX/MacKontrol.A connects to a remote server to receive further instructions, without the user's knowledge or permission.

Backdoor:OSX/Sabpab.A

Backdoor:OSX/Sabpab.A connects to a remote server to receive further instructions, without the user's knowledge or permission.

Backdoor:OSX/Olyx.C

Backdoor:OSX/Olyx.C connects to a remote server to receive further instructions, without the user's knowledge or permission.

Backdoor:OSX/Olyx.B

Backdoor:OSX/Olyx.B connects to a remote server to receive further instructions, without the user's knowledge or permission.

Trojan:W32/Ransomcrypt

Trojan:W32/Ransomcrypt is ransomware that encrypts files on the affected computer and demands payment in return for the password needed to decrypt the affected files.

Trojan:W32/Reveton

Trojan:W32/Reveton is a ransomware application. It fraudulently claims to be from a legitimate law enforcement authority and prevents users from accessing their infected machine, demanding that a 'fine' be paid to restore normal access.

Mobile

Backdoor:iPhoneOS/XcodeGhost

Backdoor:iPhoneOS/XcodeGhost identifies iOS apps that include code introduced when the software was created using a maliciously-modified version of the Xcode app creation framework.
Threat Impact: Information harvesting | Threat Severity: Low

Backdoor:iPhoneOS/Xsser

Backdoor:iPhoneOS/Xsser is a mobile Remote Administration Tool (RAT) that was reportedly found on iOS devices.
Threat Impact: Information harvesting | Threat Severity: Low

Trojan:Android/Funtasy.A

Trojan:Android/Funtasy appears to be a television remote-control app; in reality, the trojan silently subscribes the user's device to a premium-rate SMS service.

Trojan:Android/Cynos.A

Trojan:Android/Cynos.A is distributed in repackaged versions of adult content apps and silently harvests and forwards sensitive details from the device.

Trojan:Android/Facric.A

Trojan:Android/Facric.A masquerades as an app from a regional bank in France. If an unsuspecting user enters their personal banking details into the app, the information is silently forwarded to a remote server.

Trojan:Android/Koler

Trojan:Android/Koler is an Android app being promoted as part of a ransomware scheme. On installation, the app displays a (fake) notice stating the device has been 'locked' and demanding payment.

Worm:Android/Samsapo

Worm:Android/Samsapo sends an SMS message to all the contacts listed on the device. The message contains a link which, when clicked, takes the user to a malicious APK package.

Trojan:Android/Voxv.B

Trojan:Android/Voxv.B is a trojanized version of a popular game app that harvests and silently forwards sensitive details from the infected device to remote contacts.

Trojan-Spy:iPhoneOS/SSLCredsThief.A

Trojan-Spy:iPhoneOS/SSLCredsThief.A listens to the outgoing SSL connections from a jailbroken iPhone in order to steal the device's Apple ID.

Backdoor:Android/Dendroid.A

Backdoor:Android/Dendroid.A is a malware construction kit that automates and simplifies the process of creating Android trojans.

Trojan-Spy:Android/Wabek.A

Trojan-Spy:Android/Wabek.A collects phone numbers from the infected device and signs up the user for premium mobile services.

Trojan:Android/CoinMiner.A

Trojan:Android/CoinMiner.A is distributed in repackaged applications and silently uses the infected device's physical resources to mine digital currency.

Trojan:iPhoneOS/Adthief.A

Trojan:iPhoneOS/Adthief.A hijacks the advertisement modules used by other installed apps to display its own advertisements.

Trojan:SymbOS/SmsJeg.B

Trojan:SymbOS/SmsJeg.B silently sends SMS messages to premium-rate numbers.

Trojan:Android/Torsm.A

Trojan:Android/Torsm.A is reportedly the first trojan to use the open-source, anonymizing Tor network to hide its communications with its Command & Control (C&C) infrastructure. When active, the trojan monitors and intercepts incoming SMS messages, and also sends SMS messages to a specified number.

Trojan:Android/Oldboot.A

Trojan:Android/Oldboot is reportedly the first malware to infect the boot partition of the Android operating system (also known as a bootkit).

Trojan:Android/Newbak.A

Trojan:Android/Newbak.A usurps the name and appearance of a legitimate mobile banking application. When users enter banking details into the app, the information is silently recorded and forwarded to a remote server.

Trojan-Spy:Android/Smforw

Trojan-Spy:Android/Smforw variants silently forward incoming SMS messages on an infected device to a remote server.

Trojan:Android/Gepew

Trojan:Android/Gepew is installed on a mobile device as part of a PC-based malware's payload and attempts to replace installed apps with trojanized versions.

Trojan:Android/FakeFlash.C

Trojan:Android/FakeFlash.C attempts to charge a fee for 'downloading and installing' the free Adobe Flash Player.

Trojan:Android/Gidix.A

Trojan:Android/Gidix.A appears to be a system settings manager application; while active, however, the app uploads sensitive data from the device to a remote server. It also silently sends SMS messages and monitors incoming calls and SMS messages.

Trojan:Android/AVPass.C

Trojan:Android/AVPass.C is distributed in the guise of a clock app; while active, however, it steals information from the device and attempts to uninstall or bypass security-related apps installed on the device.

Trojan:Android/Fakeinst.HB

Trojan:Android/Fakeinst.HB is a repackaged clone of a popular, free racing game. Unlike the original, the repackaged clone requires the user to pay a charge, supposedly to "access higher game levels".

Application:Android/Counterclank

Counterclank.A is an advertising component used in various ad-supported apps. While running, the component silently collects data from the device and forwards it to a remote site.

Trojan:Android/Joye.E

Trojan:Android/Joye.E only operates when the device screen is off, at which time it uploads sensitive information from the device to remote sites.

Trojan:Android/FakeApp.N

A seemingly legitimate application (app) that secretly performs other, usually malicious, functions detrimental to the user's personal information and/or the user's control of the device on which the app is installed.

Trojan:Android/Marchcaban.A

A seemingly legitimate application (app) that secretly performs other, usually malicious, functions detrimental to the user's personal information and/or the user's control of the device on which the app is installed.

Trojan:Android/Smforw.L

A seemingly legitimate application (app) that secretly performs other, usually malicious, functions detrimental to the user's personal information and/or the user's control of the device on which the app is installed.

Riskware:Android/SmsReg.T

SmsReg.A is marketed under the name ‘Battery Improve,’ and claims to help maximize a device’s battery life.

Trojan:Android/SmsSend.EZ

SmsSend.A is an SMS-sending malware that reaps profit from sending SMS messages to premium rate numbers.

Trojan:Android/FakeAngry.G

Trojan:Android/FakeAngry silently gathers information from the device and forwards the details to a remote location.

Trojan:Android/Carej.A

A seemingly legitimate application (app) that secretly performs other, usually malicious, functions detrimental to the user's personal information and/or the user's control of the device on which the app is installed.

Trojan:Android/Fakeinst.GU

Trojan:Android/Fakeinst variants appear to be installers for other applications; when executed, however, they send SMS messages to premium-rate numbers or services.

Trojan:Android/Joye.C

A seemingly legitimate application (app) that secretly performs other, usually malicious, functions detrimental to the user's personal information and/or the user's control of the device on which the app is installed.

Trojan:Android/AckPosts.B

AckPosts.A collects information from the contact list, and forwards the details to a remote server.

Trojan:Android/FakeApp.M

A seemingly legitimate application (app) that secretly performs other, usually malicious, functions detrimental to the user's personal information and/or the user's control of the device on which the app is installed.

Trojan:Android/SmsSpy.AQ

Trojan:Android/SmsSpy variants intercept incoming SMS messages and forward them to a remote site.

Monitoring-Tool:Android/Cavis.A

A program that monitors and records all actions on a computer, including keystrokes entered.

Trojan:Android/Fakeinst.GJ

Trojan:Android/Fakeinst variants appear to be installers for other applications; when executed, however, they send SMS messages to premium-rate numbers or services.

Trojan:Android/Forav.B

A seemingly legitimate application (app) that secretly performs other, usually malicious, functions detrimental to the user's personal information and/or the user's control of the device on which the app is installed.

Trojan:Android/Smsir.B

A seemingly legitimate application (app) that secretly performs other, usually malicious, functions detrimental to the user's personal information and/or the user's control of the device on which the app is installed.

Trojan:Android/SmsSend.DS

SmsSend.A is an SMS-sending malware that reaps profit from sending SMS messages to premium rate numbers.

Trojan:Android/Fakeinst.GI

Trojan:Android/Fakeinst variants appear to be installers for other applications; when executed, however, they send SMS messages to premium-rate numbers or services.

Trojan:Android/Winge.A

A seemingly legitimate application (app) that secretly performs other, usually malicious, functions detrimental to the user's personal information and/or the user's control of the device on which the app is installed.

Trojan:Android/Smforw.K

A seemingly legitimate application (app) that secretly performs other, usually malicious, functions detrimental to the user's personal information and/or the user's control of the device on which the app is installed.

Trojan:Android/FakeAv.A

A seemingly legitimate application (app) that secretly performs other, usually malicious, functions detrimental to the user's personal information and/or the user's control of the device on which the app is installed.

Trojan:Android/Galf.B

A seemingly legitimate application (app) that secretly performs other, usually malicious, functions detrimental to the user's personal information and/or the user's control of the device on which the app is installed.

Trojan:Android/Fakeinst.CS

Trojan:Android/Fakeinst variants appear to be installers for other applications; when executed, however, they send SMS messages to premium-rate numbers or services.

Trojan:Android/Wangdou.A

A seemingly legitimate application (app) that secretly performs other, usually malicious, functions detrimental to the user's personal information and/or the user's control of the device on which the app is installed.

Trojan:Android/Masnu.A

A seemingly legitimate application (app) that secretly performs other, usually malicious, functions detrimental to the user's personal information and/or the user's control of the device on which the app is installed.

Trojan:Android/DomBa.B

A seemingly legitimate application (app) that secretly performs other, usually malicious, functions detrimental to the user's personal information and/or the user's control of the device on which the app is installed.
