Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines

October 8, 2024 at 01:15PM Users searching for game cheats are being lured into downloading Lua-based malware, with a focus on gaming engine supplements. The malware establishes persistence on infected systems and delivers additional payloads. The techniques include abuse of GitHub, and the campaign targets gaming communities worldwide. Researchers emphasize a shift to obfuscated Lua scripts as a means of evading detection. …

Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade

September 4, 2024 at 10:37AM The Cicada3301 ransomware, linked to at least 20 victims since June, shares similarities with BlackCat ransomware. It is written in Rust and targets Windows' Volume Snapshot Service to manipulate shadow copies. The malware also embeds user credentials and customizes ransom notes per victim. Its detection capabilities and targets, primarily SMBs, are …

New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems

September 3, 2024 at 09:54AM Cicada3301, a new ransomware variant, targets small to medium-sized businesses through opportunistic attacks. Written in Rust, it targets Windows and Linux/ESXi hosts and uses techniques similar to the now-defunct BlackCat operation. It encrypts files, manipulates system recovery, and impairs EDR detection. Its emergence may be connected to the demise of …

Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited

June 12, 2024 at 12:45PM Microsoft addressed a critical remote code execution vulnerability in its June 2024 Patch Tuesday updates. Tracked as CVE-2024-30103, it allows attackers to create malicious DLL files and trigger their execution when an affected email is opened in Outlook. This zero-click vulnerability can be exploited for initial access and requires immediate client …

New IDAT loader version uses steganography to push Remcos RAT

February 26, 2024 at 05:57PM The hacking group UAC-0184 used steganographic images to deploy the Remcos remote access trojan onto a Ukrainian entity in Finland. The group has expanded to target organizations outside Ukraine. The attack involves phishing emails, a modular loader, and execution of malware hidden inside a PNG image. Details are available in the CERT-UA …