Analyzing AsyncRAT’s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases

December 11, 2023 at 04:13AM The blog entry analyzes AsyncRAT’s code injection into aspnet_compiler.exe across multiple incident response cases, highlighting how the malware abuses a legitimate .NET Framework binary to host its malicious code and how this reflects evolving adversary tactics. It covers the malware’s capabilities, its infection chain, and the strategies it uses to evade detection. The entry also provides mitigation strategies and … Read more

New PoolParty Process Injection Techniques Outsmart Top EDR Solutions

December 11, 2023 at 01:18AM A new set of process injection techniques called PoolParty was presented at Black Hat Europe 2023. These techniques achieve code execution on Windows while evading endpoint detection and response (EDR) systems. SafeBreach researcher Alon Leviev highlighted that they work against any target process, making them more flexible than existing techniques. PoolParty … Read more

Researchers Unveil GuLoader Malware’s Latest Anti-Analysis Techniques

December 9, 2023 at 02:36AM Threat hunters have exposed GuLoader malware’s evolving obfuscation tactics, which make analysis time-consuming. Used in phishing campaigns, it distributes a variety of payloads and is continually updated to evade security measures. Similar updates have been seen in the DarkGate RAT, showcasing the sophistication and adaptability of modern malware threats. Remote access trojans are leveraging novel email-based infection … Read more

N. Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection

November 28, 2023 at 12:06AM The Lazarus Group, a North Korean threat actor, has been observed combining elements from two separate macOS malware strains, RustBucket and KANDYKORN. They are using RustBucket droppers to deliver the KANDYKORN malware. Another macOS-specific malware called ObjCShellz has also been linked to the RustBucket campaign by cybersecurity firm SentinelOne. This … Read more

New ‘HrServ.dll’ Web Shell Detected in APT Attack Targeting Afghan Government

November 25, 2023 at 12:18AM An unnamed government entity in Afghanistan fell victim to a sophisticated cyber attack involving a previously unknown web shell called HrServ. The web shell exhibits advanced features and allows threat actors to control the compromised server and carry out various malicious activities. The attack involves the use of a remote … Read more

Hamas-Linked Cyberattacks Using Rust-Powered SysJoker Backdoor Against Israel

November 24, 2023 at 05:36AM Researchers have discovered a Rust version of the cross-platform backdoor SysJoker, indicating its use by a Hamas-affiliated group to target Israel. The malware has been rewritten in Rust, a significant departure from its earlier versions. The threat actor has also switched from Google Drive to OneDrive for storing command-and-control server … Read more

Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks

November 23, 2023 at 10:06AM A new phishing attack carried out by a cyber espionage group called Konni has been observed. The attackers are using a Russian-language Microsoft Word document to deliver malware that can collect sensitive information from compromised Windows hosts. The group is known for targeting Russia and uses spear-phishing emails and malicious … Read more

North Korea makes finding a gig even harder by attacking candidates and employers

November 22, 2023 at 08:37PM Palo Alto Networks’ Unit 42 has identified two hacking schemes linked to state-sponsored actors in North Korea. The first scheme, called Contagious Interview, involves threat actors posing as job recruiters on job boards and tricking software engineers into downloading malware. The second scheme, Wagemole, sees threat actors pretending to be … Read more

Malware dev says they can revive expired Google auth cookies

November 22, 2023 at 05:00PM The developers of the Lumma information-stealer malware, also known as LummaC2, claim to have added a feature that can restore expired Google cookies, allowing cybercriminals to hijack Google accounts. The feature is only available to subscribers of the highest-tier plan, costing $1,000/month. This capability has not been verified by security researchers or … Read more

Play Ransomware Goes Commercial – Now Offered as a Service to Cybercriminals

November 21, 2023 at 09:00AM The ransomware strain Play is now available as a service for other threat actors, according to cybersecurity company Adlumin. Affiliates who purchase the ransomware follow step-by-step instructions from playbooks delivered with it, resulting in attacks with minimal variations. Play, also known as Balloonfly and PlayCrypt, has previously targeted networks through … Read more