North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign

August 21, 2024 at 12:36PM
A new remote access trojan called MoonPeak is being used by a state-sponsored North Korean threat activity cluster in a new campaign. This variant of Xeno RAT malware is developed to access and set up new infrastructure to support the campaign, with constant evolution and obfuscation techniques to prevent analysis. …

Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP Codes

July 31, 2024 at 06:09AM
A new malicious campaign has utilized over 107,000 unique samples of Android apps to steal SMS messages and intercept one-time passwords (OTPs). This large-scale operation has targeted users in 113 countries, with India and Russia topping the list. Malware remains hidden, continuously monitoring new incoming messages to obtain OTPs for …

Revolver Rabbit gang registers 500,000 domains for malware campaigns

July 18, 2024 at 05:34PM
Cybercriminal group Revolver Rabbit has registered over 500,000 domain names using a secret method called RDGAs to execute infostealer campaigns targeting Windows and macOS systems. Security researchers at Infoblox discovered this large-scale operation, estimating over $1 million in registration fees. The domains use a consistent pattern for easy readability and …

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

June 17, 2024 at 03:00AM
Legitimate-but-compromised websites are being used to distribute a Windows backdoor called BadSpace via fake browser updates. The attack involves infected websites, a command-and-control server, fake browser updates, and a JScript downloader. This backdoor, capable of anti-sandbox checks and system information harvesting, is being distributed through compromised sites. Key Takeaways from …

Turla hackers backdoor NGOs with new TinyTurla-NG malware

February 15, 2024 at 10:03AM
Security researchers discovered new malware known as TinyTurla-NG and TurlaPower-NG, being used by the Russian hacker group Turla. The group exploits vulnerable WordPress websites for command and control purposes. Targeting organizations across various sectors, they aim to steal sensitive data using custom tools and malware. The malware’s purpose is to …