New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers

June 12, 2024 at 05:15AM Cybersecurity researchers have uncovered an ongoing phishing campaign using job-themed lures to distribute a backdoor named WARMCOOKIE. The backdoor, deployed via email, is capable of capturing information, executing commands, and downloading additional malicious programs. Additionally, another phishing campaign was detailed, utilizing invoice-related decoys to deploy malware through the Windows search … Read more

WarmCookie Gives Cyberattackers Tasty New Backdoor for Initial Access

June 11, 2024 at 12:37PM A new Windows backdoor named WarmCookie, distributed through phishing emails, has become the latest tool for cyber attackers. Despite lacking sophistication, this backdoor is actively impacting organizations globally. It targets individuals with job recruitment lures and can ultimately lead to ransomware deployment. Organizations are urged to watch out for it … Read more

New Warmcookie Windows backdoor pushed via fake job offers

June 11, 2024 at 11:20AM A new Windows malware called ‘Warmcookie’ is being spread through fake job offer phishing campaigns to infiltrate corporate networks. It is capable of machine fingerprinting, screenshot capturing, and deploying additional payloads. The threat actors create new domains weekly and utilize compromised infrastructure to send phishing emails. Warmcookie gathers victim information, … Read more

Japanese Experts Warn of BLOODALCHEMY Malware Targeting Government Agencies

May 24, 2024 at 06:00AM Cybersecurity researchers have identified BLOODALCHEMY, a new form of malware targeting government organizations in Southern and Southeastern Asia, as an updated version of Deed RAT and a successor to ShadowPad. This discovery is crucial due to the history of ShadowPad in APT campaigns. The malware’s capabilities, attack chains, and code … Read more

GhostEngine mining attacks kill EDR security using vulnerable drivers

May 21, 2024 at 06:34PM The ‘REF4578’ crypto mining campaign deploys GhostEngine, a sophisticated malicious payload, using vulnerable drivers to disable security products and deploy an XMRig miner. Researchers highlight GhostEngine’s unusual sophistication and provide detection rules, but the campaign’s origin and scope remain unknown. To defend against GhostEngine, look out for suspicious PowerShell execution, … Read more