Venom Spider Spins Web of New Malware for MaaS Platform

December 3, 2024 at 11:24AM The “Venom Spider” malware-as-a-service platform has added two new tools, the RevC2 backdoor and Venom Loader, both observed in recent attacks. Researchers report that the tools steal sensitive data and enable remote code execution, expect the platform to keep evolving, and have published defenses against the malware. … Read more

New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus

November 8, 2024 at 02:27AM Researchers have identified a new malware campaign, CRON#TRAP, that infects Windows systems via a malicious shortcut (LNK) file. The shortcut installs a Linux virtual machine that ships with a pre-configured backdoor for remote access; because the malicious activity runs inside the guest, host-based antivirus has little visibility into it. A separate campaign targets electronics companies with GuLoader malware delivered by spear-phishing emails. Proactive security measures are essential. … Read more

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion

September 4, 2024 at 03:51AM Summary: The Chinese-speaking threat actor Earth Lusca has been found using a new multiplatform backdoor named KTLVdoor, which is heavily obfuscated and exists in both Windows and Linux builds. The backdoor gives the operators a range of capabilities on the compromised host and relies on sophisticated encryption and obfuscation techniques. The attack campaign involves significant infrastructure … Read more

Taiwan University Under Fire From Unique DLL Backdoor

August 21, 2024 at 03:32PM A new backdoor named Msupedge has been found attacking victims in Taiwan and uses an unusual communication method. Symantec researchers uncovered the malware while investigating an attack on a Taiwanese university. The backdoor communicates with its command-and-control server over DNS traffic, a technique that is less commonly seen and that blends in with legitimate name resolution. It is believed to have exploited a … Read more

Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor

August 20, 2024 at 06:40AM A new backdoor named Msupedge has been discovered in a cyber attack on a university in Taiwan. The backdoor is notable for communicating with its command-and-control server via DNS traffic and for building on the code of an open-source tool. The attack vector was likely a critical flaw in PHP, … Read more
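Both Msupedge entries above hinge on the same detail: command-and-control carried over DNS, which most perimeter controls allow through unquestioned. The heuristic below is an added example written for this page; it is not Symantec's analysis code, not Msupedge's own code, and not the open-source tool the summary mentions. It scores DNS query logs for the fingerprints a tunnel leaves behind: many distinct subdomains under one registered domain, long high-entropy subdomain labels (encoded data rather than hostnames), and record types that can carry larger payloads. The log format, the sample lines, the thresholds and the "last two labels" rule for the registered domain are all assumptions made for the example.

```python
import math
import re
from collections import defaultdict

# Constructed sample DNS query log (not real traffic). The format is an
# assumption for this example: "<timestamp> <client_ip> <query_name> <query_type>".
SAMPLE_LOG = """\
2024-08-19T10:00:01 10.0.0.5 www.example.edu A
2024-08-19T10:00:02 10.0.0.5 mail.example.edu A
2024-08-19T10:00:03 10.0.0.7 3f9a1c7e2b.c0ffee41.attacker-tld.example TXT
2024-08-19T10:00:04 10.0.0.7 b7e2d44a09.c0ffee41.attacker-tld.example TXT
2024-08-19T10:00:05 10.0.0.7 91c3e8f0ab.c0ffee41.attacker-tld.example TXT
2024-08-19T10:00:06 10.0.0.7 e0d5a6b3c7.c0ffee41.attacker-tld.example TXT
2024-08-19T10:00:07 10.0.0.7 4a8b2c1d5e.c0ffee41.attacker-tld.example TXT
2024-08-19T10:00:08 10.0.0.5 cdn.example.net A
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

# Record types commonly abused by DNS tunnels because they carry more data
# per response than an A record.
BULKY_TYPES = {"TXT", "NULL", "CNAME", "MX"}


def parse_log(text):
    """Parse log lines into (timestamp, client, qname, qtype); skip malformed lines."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, qname, qtype = m.groups()
            records.append((ts, client, qname.rstrip(".").lower(), qtype.upper()))
    return records


def shannon_entropy(s):
    """Bits per character of s; 0.0 for an empty string."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Split a query name into (subdomain prefix, registered domain).
    Simplification (assumption): the registered domain is the last two labels.
    Real deployments should use the Public Suffix List (think example.co.uk)."""
    labels = qname.split(".")
    if len(labels) <= 2:
        return "", qname
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def domain_stats(records):
    """Aggregate, per registered domain, the signals a DNS tunnel leaves behind."""
    acc = defaultdict(lambda: {"n": 0, "prefixes": set(), "ent": [], "len": [], "bulky": 0})
    for _ts, _client, qname, qtype in records:
        prefix, domain = split_name(qname)
        s = acc[domain]
        s["n"] += 1
        s["prefixes"].add(prefix)
        compact = prefix.replace(".", "")  # entropy over the whole encoded prefix
        s["ent"].append(shannon_entropy(compact))
        s["len"].append(len(compact))
        if qtype in BULKY_TYPES:
            s["bulky"] += 1
    stats = {}
    for domain, s in acc.items():
        n = s["n"]
        stats[domain] = {
            "queries": n,
            "unique_prefixes": len(s["prefixes"]),
            "mean_entropy": sum(s["ent"]) / n,
            "mean_prefix_len": sum(s["len"]) / n,
            "bulky_fraction": s["bulky"] / n,
        }
    return stats


def flag_tunnels(stats, min_unique=3, min_entropy=3.0, min_len=12):
    """Return domains whose subdomains look like encoded data rather than hostnames.
    The thresholds are starting points to tune against your own baseline."""
    return sorted(
        d for d, s in stats.items()
        if s["unique_prefixes"] >= min_unique
        and s["mean_entropy"] >= min_entropy
        and s["mean_prefix_len"] >= min_len
    )


if __name__ == "__main__":
    stats = domain_stats(parse_log(SAMPLE_LOG))
    for domain in flag_tunnels(stats):
        s = stats[domain]
        print(f"{domain}: {s['queries']} queries, {s['unique_prefixes']} unique prefixes, "
              f"entropy {s['mean_entropy']:.2f}, bulky-record fraction {s['bulky_fraction']:.2f}")
```

Two caveats before putting this in front of real resolver logs: some legitimate products (CDNs, antivirus reputation lookups, some telemetry agents) also issue bursts of high-entropy subdomains, so an allow-list of known domains is needed to keep the false-positive rate workable; and a low-and-slow implant that beacons a few short queries per hour will slip under the unique-prefix and length thresholds, so the aggregation window and thresholds have to be tuned per environment rather than copied from the example.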

EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

August 12, 2024 at 12:27AM Russian government and IT organizations are the targets of a spear-phishing campaign codenamed EastWind. The attack delivers backdoors and trojans through booby-trapped LNK files and relies on DLL side-loading to execute them. The malware families GrewApacha, CloudSorcerer, and PlugY are used for espionage and data theft, with legitimate platforms including Dropbox and GitHub abused as channels for that activity. Additionally, a … Read more

New BadSpace Backdoor Deployed in Drive-By Attacks

June 18, 2024 at 12:36PM A new backdoor named BadSpace is delivered by a multi-stage attack chain that begins with compromised WordPress sites. Its distribution resembles that of the SocGholish malware, and it is associated with the cybercrime group Evil Corp. BadSpace’s delivery chain starts when a visitor reaches a compromised site, which deploys the backdoor through a fake browser update notification and JavaScript … Read more

Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups

June 11, 2024 at 04:39AM Summary: This blog post analyzes the Noodle RAT backdoor, used by Chinese-speaking groups in cybercrime and espionage. It covers the backdoor’s history, capabilities for Windows and Linux, command-and-control communication, backdoor commands, similarities with Gh0st RAT and Rekoobe, and the discovery of a control panel and builder for Noodle RAT. Authors: … Read more

WP Automatic WordPress plugin hit by millions of SQL injection attacks

April 25, 2024 at 10:29AM Hackers are targeting the WP Automatic plugin for WordPress by exploiting CVE-2024-27956, a SQL injection vulnerability that lets attackers create administrator accounts and plant backdoors. Over 5.5 million attack attempts have been recorded; site owners are advised to update to version 3.92.1 and to back up their sites regularly to limit the damage of a compromise. … Read more

Kapeka: A New Backdoor in Sandworm’s Arsenal of Aggression

April 17, 2024 at 04:06PM Kapeka is a new backdoor, possibly linked to Russia’s Sandworm group and a potential successor to GreyEnergy. Little public information exists on it, but WithSecure and Microsoft assess it to be a nation-state tool. Kapeka is suited both to long-term cyberespionage and to delivering further malware payloads. … Read more