No. 1 Emotet — 36 026 samples

Trojan was first discovered 2014 and was used to intercept data transferred via a secure connection. We will remind, in September of this year Emotet came back to life after 4 months of inactivity. The operators were sent e-mails containing malware and links to malicious downloads. Victims of the campaign are users who speak Polish and German.

No. 2 Agent Of Tesla — 10 324

AgentTesla is an advanced tool for remote access (RAT). The malware infects computers with 2014 acting as a Keylogger and password Stealer.

No. 3 NanoCore — 6 527

NanoCore is the most popular among all RAT. In addition to providing remote access to host victim, it also includes the capability of logging keys, espionage, execution of files, video and audio capture, registry editing and mouse control.

No. 4 LokiBot — 5693

LokiBot appeared on underground forums as a thief of information, and a Keylogger but it has added various capabilities that allow it to evade detection and collect your confidential information.

No. 5 Ursnif — 4 185

Ursnif is usually associated with data theft, but some variants can be supplied with components such as backdoors, spyware, or implementation files. The security researchers also associated with this menace, deploy other malware — GandCrab.

No. 6 FormBook — 3 548

The malware was designed to capture the data typed on keyboard in a web form. Its function is to collect credentials from the web browsers (cookies, passwords), a screenshot, stealing clipboard content, logging keys, download and run executables from the server management and control, as well as stealing passwords from the mail clients.

No. 7 HawkEye — 3 388

Keylogger supports the ability to intercept keystrokes and allows you to steal credentials from various applications and clipboard.

No. 8 AZORult — 2 898

The main function of the Trojan is to collect and extract data from compromised systems, including passwords stored in browsers, mail and FTP clients as well as cookies, web form, cryptocurrency wallets and correspondence in messengers.

No. 9 TrickBot — 2 510

Originally TrickBot was only used in attacks on Australian users, however, in April 2017, it has been used in attacks on banks in USA, UK, Germany, Ireland, Canada, New Zealand, Switzerland and France. Usually it spreads through Emotet and may download other malware on the system (for example, rent-seeking BY Ryuk).

No. 10 njRAT — 2 355

njRAT created on the database .NET and allows an attacker to take complete control of an affected system. Previously Trojan spread via spam messages containing advertising cheat codes and generator of license keys for the game „Need for Speed: World“. It is also used in several malicious campaigns that use the OpenDocument Text files (ODT).

auto translated from: https://www.securitylab.ru/news/503707.php

admin