New Latrodectus malware replaces IcedID in network breaches

April 4, 2024 at 07:03PM Latrodectus, a new malware linked to the IcedID loader, was discovered in November 2023. It is believed to be an evolution of IcedID with similar operational ties. The malware is capable of carrying out various malicious activities, including evasive sandbox checks and communication with command and control servers. Its widespread …

New Qbot malware variant uses fake Adobe installer popup for evasion

February 15, 2024 at 08:29AM New QBot malware variants have been detected in email campaigns since mid-December, indicating ongoing development and distribution. The malware, also known as Qakbot, deploys through fake Adobe product installers and has caused significant financial damages in the past. Security researchers are closely monitoring the evolving threat and updating detection rules. …

Blackwood hackers hijack WPS Office update to install malware

January 25, 2024 at 03:31PM The advanced threat actor ‘Blackwood’ has been using the NSPX30 malware in cyberespionage attacks since at least 2018. Targeting China, Japan, and the UK, the adversary delivers the malware through legitimate software update mechanisms. NSPX30, an evolved implant with sophisticated capabilities, conceals its activities and intercepts data to evade detection. …

Sophisticated MacOS Infostealers Get Past Apple’s Built-In Detection

January 17, 2024 at 11:26AM Info-stealers like KeySteal, Atomic Infostealer, and CherryPie are increasingly targeting macOS by evading Apple’s built-in malware protection. These sophisticated stealers have evolved with new variants that can bypass detection engines, such as macOS’s XProtect. Even with recent updates, these malware strains pose a continued threat, necessitating ongoing vigilance from macOS …

New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone

January 17, 2024 at 06:03AM Cybersecurity researchers have developed a “lightweight method” called iShutdown to detect spyware on Apple iOS devices, including threats like NSO Group’s Pegasus and QuaDream’s Reign. The method involves analyzing the “Shutdown.log” file, which records reboot events and environment characteristics, and has been found to be a reliable forensic artifact for …

New Bandook RAT Variant Resurfaces, Targeting Windows Machines

January 5, 2024 at 01:27AM A new variant of the Bandook trojan is being spread through phishing attacks, targeting Windows machines. The malware is distributed via a PDF file embedding a link to a password-protected .7z archive. After extraction, the malware injects its payload into msinfo32.exe. This off-the-shelf malware can remotely control infected systems and …

Hamas-Linked APT Wields New SysJoker Backdoor Against Israel

November 28, 2023 at 04:36AM Amid the ongoing conflict between Israel and Hamas, attackers associated with Hamas are using an updated version of the SysJoker backdoor to target Israeli entities. This new variant, written in the Rust programming language, retains similar functionalities but has undergone significant evolution. The attackers are also utilizing OneDrive instead of …

New Jupyter Infostealer Version Emerges with Sophisticated Stealth Tactics

November 6, 2023 at 01:00PM An updated version of the information stealer malware Jupyter has resurfaced with new tactics to establish a persistent presence on compromised systems. The malware leverages PowerShell command modifications and signatures of private keys to appear as a legitimately signed file. It utilizes manipulated search engine optimization and malvertising to trick …