top of page

Buried on page 5 - Ten bad guys we've seen before.

​Not every malware threat makes the 5 o'clock news headlines or basks in the glory of front-page exposure. In fact, most threats don't even make news. When they do, however, it's dramatic.

Headlines gobbled up by the latest affront to our collective cybersecurity. Viruses, trojans, worms, malvertising and of course ransomware holding data hostage for bitcoins. Luckily for us the good guys are out there doing their best to mitigate against the threats. And, when something strikes with the force, the pomp and circumstance of the likes of WannaCry, there’s usually plenty of attention devoted to killing it.

The shelf life of high profile malware is usually pretty short due to the amount of attention it receives, but for every malware variant that dies due to its success and overexposure, a myriad fall through the cracks and remain undetected.

More than likely, you’ve heard of some, if not all, of the malware titles on this list—titles that have been around for a while, thriving through various reincarnations thanks to the tricks of hackers tweaking malicious code.

Please make sure that you are protected against threats and remain diligent when online regardless of your device.


It is estimated that 85,000,000 (yes million) phones are infected by Hummingbad in 2018! If I had a nickel for every...

Hummingbad is a form of Android malware that installs a rootkit followed by fake apps. It also generates fraudulent ad revenue, and to the tune of over $300,000 a month at its peak!

In 2016 Hummingbad managed to infect more than 10 million Android devices. While it is believed that its infection rate has slowed since then, it's still an active attacker, recently being found in fake apps, and more than 20 other apps in Google Play store and third-party installers.


RoughTed is a little different than the other titles on this list. It isn't malware that gets installed on your system directly—rather it’s a phenomenon called malvertising that operates from a variety of domains with the ultimate goal of getting you to click on a link that executes malicious code.

Malvertising targets everyone regardless of your device or operating system. Windows, as well as MacOS users are all subject to damage from false ads. RoughTed domains have been seen installing malware, ransomware, exploit kits, and other types of dangerous code.

RoughTed continues to thrive as a serious threat affecting, at its peak over 28% of organizations across the globe.

Globe Imposter

Landing in June of 2017, Globe Imposter is a new ransomware wreaking havoc and self-perpetuating as most other ransomware does: via phishing. Employing a clever coding trick, this variant was alternating the delivery of its payload. Locky ransomware, and FakeGlobe are the primary packages, but the end result is the same: encrypted files held hostage and a demand for Bitcoin.

August 2017 saw Globe Imposter gain significant notoriety and the attention of most anti-malware software products most of which protect against it now. Nevertheless, the threat is real, so keep training users not to open suspicious-looking emails.


This Trojan-style malware targets Windows systems and makes sure it's hard to get it out. It installs backdoors, downloads and runs other malicious apps, and registers itself as a hidden system service so it's nearly impossible to shut down.

HackerDefender has the potential to become an open door to any network--a terrifying proposition.


If you’ve ever discussed Android malware that integrates itself with a device, and all the apps on it, then you were probably talking about Triada.

This dangerous Trojan begins simply: It gets onto a device via an infected app and starts sending data to its command and control server; the fun begins with responses and commands sent back to the device.

Triada infects your Android’s Zygote Process; the part of the Android OS that controls the launching, running, and stopping of apps. Once rooted, Triada is essentially part of every app on the infected device.

Additionaly, Triada acts as a gateway for the installation of other malware. Lastly, as it operates from within a device's RAM, it is very hard to detect.


Locky is one of the most well-known ransomware families. It has transformed a lot since it first appeared in 2016 and continues to be one of the most prevalent ransomware threats.

Microsoft Word documents infected with bad macros are the primary means of Locky’s propagation. Upon opening the infected .doc, a user will just see junk and be prompted to enable macros. If the user enables macros as prompted, then it's too late to stop the payload delivery.

Locky has also been found in Excel spreadsheets, JavaScript files, and other document formats.


Conficker is a self-replicating worm that can do real damage to infected networks. Conficker itself never delivered a deadly payload, but the worm can install applications, open ports, and widen the vulnerabilities of machines it has infected.

The worst part about Conficker is that Microsoft patched the vulnerability it exploited (MS08-067) shortly before Conficker appeared in 2008. But in 2018 it's still alive and kicking, as is MS08-067: Conficker continues to be a commonly exploited vulnerability nearly 10 years later.


Considered one of the harder forms of malware to fight, Sality does a lot of things in a single package. It's a keylogger, a worm, and a Trojan. To devastating effect, it can communicate over P2P networks and send data back and forth.

Sality is dangerous and has been since it appeared in 2003.


Hailing from China, Fireball has infected some 250 million machines since mid-2017. It's a browser hijacker that generates fake ad click revenue, but that's just for starters: It can quickly morph into a full-powered malware threat.

Fireball's controllers can send malware to infected machines and execute code, making it capable of turning into almost anything.

20% of corporate networks worldwide are believed to be infected by Fireball.


Kovter is a Trojan, which has been observed acting as click fraud malware or a ransomware downloader. Recently, it is disseminated via spam email attachments containing malicious office macros. Kovter is fileless malware that evades detection by hiding in registry keys. Reports indicate that Kovter has received updated instructions from command and control infrastructure to serve as a remote access backdoor.

Have you protect your assets? Contact INTECH today you have any questions, or require any assistance shoring up your computer’s defences. We offer a host of solutions that will help to keep your assets safe; ask us about integriSHIELD for details. | 306.914.0846

Please comment below, join our mailing list and feel free to share this little gem of wit and wisdom.

bottom of page