This list contains the top 10 malware and ransomware families detected by Netskope targeting users in Europe in the last 12 months:
Botnet.Mirai is one of the most famous botnets, targeting exposed Linux networking devices. Discovered in 2016, this malware has been targeting a wide range of devices, such as routers, cameras, and other IoT devices. Since its source code leak, the number of variants of this malware has increased considerably.
Downloader.Guloader is a small downloader known for delivering RATs and infostealers, such as AgentTesla, Formbook, and Remcos.
Infostealer.AgentTesla is a .NET-based remote access Trojan with many capabilities, such as stealing browser passwords, capturing keystrokes, and stealing the clipboard.
Infostealer.Azorult (a.k.a. PuffStealer) is malware that aims to steal sensitive information such as account passwords. In March 2024, Netskope Threat Labs tracked a campaign that delivered Azorult via Google Slides and HTML smuggling.
Infostealer.QakBot (a.k.a. Quakbot, QBot) is modular malware, active since 2007, capable of stealing sensitive financial data from infected systems, often delivered via malicious documents.
RAT.NetWiredRC (a.k.a. NetWire RC) is malware associated with APT33, designed to provide remote access and steal sensitive information, such as passwords.
RAT.NjRAT (a.k.a. Bladabindi) is a remote access Trojan with many capabilities, including logging keystrokes, stealing credentials from browsers, accessing the victim’s camera, and managing files.
RAT.Remcos is a remote access Trojan popular among many attackers that provides an extensive list of features to control devices remotely.
Trojan.ModernLoader (a.k.a. Avatar Bot) collects basic system information and delivers cryptominers, RATs, and other malware payloads.
Trojan.Ursnif (a.k.a. Gozi) is a banking Trojan and backdoor, whose source code was leaked on GitHub in 2005, allowing attackers to create and distribute many variants.