Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 17:04:39 UTC
 Tool: Vawtrak
Names
Vawtrak
Catch
grabnew
NeverQuest
Category Malware
Type Banking trojan, Info stealer, Credential stealer, Botnet
Description
(Sophos) Vawtrak is an information stealing malware family that is primarily used to gain
unauthorised access to bank accounts through online banking websites. Machines infected
by Vawtrak form part of a botnet that collectively harvests login credentials for the online
accounts to a wide variety of financial and other industry organisations. These stolen
credentials are used, in combination with injected code and by proxying through the
victim’s machine, to initiate fraudulent transfers to bank accounts controlled by the
Vawtrak botnet administrators.
Information
Malpedia AlienVault OTX Last change to this tool card: 29 December 2022
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a40177a1-056d-489e-b91b-8d7fbc03e068
Page 1 of 2

Download this tool card in JSON format
All groups using tool Vawtrak
Changed Name Country Observed
APT groups
  FIN6, Skeleton Spider [Unknown] 2015-Oct 2021
Other groups
  Lunar Spider 2019  
2 groups listed (1 APT, 1 other, 0 unknown)
↑
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a40177a1-056d-489e-b91b-8d7fbc03e068
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a40177a1-056d-489e-b91b-8d7fbc03e068
Page 2 of 2