ViperSoftX malware covertly runs PowerShell using AutoIT scripting

July 10, 2024 at 03:23PM ViperSoftX malware utilizes CLR to execute PowerShell within AutoIt scripts, enabling evasion of detection. It is distributed disguised as ebooks on torrent sites, using malicious RAR archives and decoy files. The malware employs various evasion techniques, including base64 obfuscation, AES encryption, and deceptive hostnames, aiming to steal system and cryptocurrency …

New Cyberthreat ‘Boolka’ Deploying BMANAGER Trojan via SQLi Attacks

June 25, 2024 at 07:51AM A new threat actor named Boolka has been targeting websites with malicious scripts to distribute a trojan called BMANAGER. Using SQL injection attacks since 2022, Boolka infects sites with JavaScript capable of capturing user data. The trojan deploys multiple modules to steal sensitive information and establishes persistence on the host. …

That PowerShell ‘fix’ for your root cert ‘problem’ is a malware loader in disguise

June 19, 2024 at 03:35AM Criminals are using social engineering techniques to target organizations worldwide with malicious PowerShell scripts disguised as fake error messages from Google Chrome, Microsoft Word, and OneDrive. Proofpoint identified at least two criminal groups using this tactic, with the possibility of spreading ransomware. Organizations are advised to train employees to recognize …

Hackers phish finance orgs using trojanized Minesweeper clone

May 27, 2024 at 02:08AM Hackers are using a Python clone of Minesweeper to conceal malicious scripts in attacks on US and European financial organizations, as reported by Ukraine’s CSIRT-NBU and CERT-UA. The attacks involve the installation of SuperOps RMM, granting unauthorized access. The email-based attack disguises the malicious code within the Minesweeper game, bypassing …

Hackers deploy crypto drainers on thousands of WordPress sites

April 8, 2024 at 02:26PM Hackers compromised over 2,000 WordPress sites, injecting them with malicious scripts to display fake NFT and discount pop-ups. These pop-ups prompt visitors to connect their wallets to crypto drainers, ultimately stealing funds and NFTs. The attackers seek to monetize a large pool of hacked sites and have begun promoting these …

Hacked WordPress sites use visitors’ browsers to hack other sites

March 6, 2024 at 05:40PM Hackers have been targeting WordPress sites with wide-scale attacks, initially using crypto wallet drainer scripts to steal cryptocurrency. More recently, they have switched to injecting malicious scripts that force visitors’ browsers to conduct brute-force attacks on other websites. The threat actor’s goal seems to be building a larger portfolio of …

Millions at Risk As ‘Parrot’ Web Server Compromises Take Flight

January 23, 2024 at 02:16PM Threat actors operating Parrot TDS have intensified their efforts to avoid detection and potentially target millions of people through compromised websites. Researchers from Unit 42 have been tracking this traffic redirect system, which injects malicious scripts into existing JavaScript code. The researchers have also provided mitigation strategies and indicators of …