Attackers Can Use QR Codes to Bypass Browser Isolation

December 9, 2024 at 03:03PM Researchers from Mandiant have demonstrated a method to bypass browser isolation using QR codes, allowing attackers to transmit commands to compromised devices. This technique exploits remote rendering processes to convey data visually, though it faces limitations, including latency and QR code size constraints. Mandiant still endorses browser isolation as a … Read more

Hackers increasingly use Winos4.0 post-exploitation kit in attacks

November 6, 2024 at 04:28PM Hackers are increasingly using the Winos4.0 framework to target Windows users, especially in China, through game-related apps. The malware executes a multi-step infection process, collects system data, and can evade security tools. Fortinet and Trend Micro have noted its potent capabilities, indicating a rise in malicious campaigns. ### Meeting Takeaways … Read more

Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide

September 12, 2024 at 10:24AM A new malware named Vo1d has infected nearly 1.3 million Android-based TV boxes in 197 countries. It acts as a backdoor, secretly installing third-party software when commanded by attackers. The infection’s source is unknown, but it’s suspected to involve compromised instances or unofficial firmware versions. Budget device manufacturers may be … Read more

North Korea’s Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

April 25, 2024 at 01:51PM The Lazarus Group utilized job lures to distribute the Kaolin RAT, enabling deployment of the FudModule rootkit. This advanced operation, deemed overkill by Avast, involves a multi-stage sequence to ultimately establish communications with the RAT’s C2 server. The malware is capable of various operations including file manipulation and process execution, … Read more

SystemBC Malware’s C2 Server Analysis Exposes Payload Delivery Tricks

January 25, 2024 at 11:38AM Cybersecurity researchers have uncovered details about the SystemBC malware, noting its availability on underground markets and its capability to control compromised hosts, deliver various payloads, and use SOCKS5 proxies to mask network traffic. There is also insight into an updated version of the DarkGate remote access trojan, showcasing weaknesses in … Read more

Hamas-Linked Cyberattacks Using Rust-Powered SysJoker Backdoor Against Israel

November 24, 2023 at 05:36AM Researchers have discovered a Rust version of the cross-platform backdoor SysJoker, indicating its use by a Hamas-affiliated group to target Israel. The malware has undergone significant changes, using Rust language instead of its previous version. The threat actor has also switched from Google Drive to OneDrive for storing command-and-control server … Read more