More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader

December 6, 2024 at 03:48AM The More_eggs malware has expanded with new families: RevC2, an information-stealing backdoor, and Venom Loader, a customized malware loader. Both are deployed via VenomLNK. Their campaigns, observed from August to October 2024, demonstrate ongoing innovation in the malware-as-a-service sector despite previous arrests of key operators.

Venom Spider Spins Web of New Malware for MaaS Platform

December 3, 2024 at 11:24AM The “Venom Spider” malware-as-a-service platform has introduced new capabilities via the RevC2 backdoor and Venom Loader, detected in recent cyberattacks. Researchers report these tools can steal sensitive data and enable remote code execution. Future enhancements to this platform are expected, along with provided defenses against the malware.

Tricky CAPTCHA Caught Dropping Lumma Stealer Malware

October 22, 2024 at 12:31PM Lumma Stealer has launched a campaign using malicious CAPTCHA pages to prompt malware downloads. This malware aims to steal sensitive data. Researchers emphasize the need for security teams to adopt continuous monitoring and adapt defenses against evolving threats like Lumma Stealer, using a multilayered approach for effective protection.

Ukrainian pleads guilty to operating Raccoon Stealer malware

October 7, 2024 at 05:17PM Mark Sokolovsky has pleaded guilty to his involvement in the Raccoon Stealer malware cybercrime. He distributed the malware under a MaaS model, allowing users to rent it for weekly or monthly fees. Sokolovsky was arrested in the Netherlands in March 2022, and the FBI dismantled the malware’s infrastructure in a …

Cyberattackers Use HR Targets to Lay More_Eggs Backdoor

October 1, 2024 at 01:24PM A threat group targeting multinational financial organizations impersonates job seekers to execute a spear-phishing campaign spreading the “more_eggs” backdoor. Trend Micro researchers linked this campaign to FIN6 and cautioned that the malware’s MaaS nature blurs threat actor lines. Vigilance and robust security measures are needed to combat this evolving threat. …

Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware

August 19, 2024 at 09:15AM Cybersecurity experts have discovered a surge in malware infections driven by malvertising campaigns distributing a loader called FakeBat. The attacks target users seeking popular business software, utilizing trojanized MSIX installers and executing PowerShell scripts to download secondary payloads. FakeBat is associated with threat actor Eugenfest and is used to distribute …

This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps

July 26, 2024 at 09:36AM The GXC Team, a Spanish-speaking cybercrime group, has bundled phishing kits with malicious Android apps, creating a sophisticated phishing-as-a-service platform. They target users of Spanish banks and institutions worldwide, using smishing and social engineering techniques. The threat also involves AI-infused voice calling tools, AI-powered voice cloning, and adversaries-in-the-middle capabilities in …

New Medusa malware variants target Android users in seven countries

June 25, 2024 at 01:06PM The Medusa banking trojan, known as TangleBot, has resurfaced with lighter variants targeting countries in Europe and North America. The new activity involves SMS phishing and uses dropper applications to infect devices. The trojan has minimized its permissions, added new features, and is centralizing its operations for easier control. The …

New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S.

March 22, 2024 at 11:21AM Cybersecurity researchers have detected a new wave of phishing attacks delivering a new information stealer called StrelaStealer, impacting over 100 organizations in the E.U. and the U.S. The attacks involve spam emails with evolving attachments, targeting various sectors with diverse tactics. Other malware families like Stealc and Rescoms RAT have …

Ukrainian Raccoon Infostealer Operator Extradited to US

February 19, 2024 at 10:10AM Ukrainian national Mark Sokolovsky, 28, appeared in a US court after extradition from the Netherlands. He was arrested in March 2022 for operating the Raccoon Infostealer malware. Sokolovsky was indicted for distributing the malware globally, stealing login credentials, financial data, and leasing access to the malware for $200 monthly. The …