Firebird RAT creator and seller arrested in the U.S. and Australia

April 13, 2024 at 01:59PM A joint operation between Australian Federal Police and the FBI led to the arrest of two individuals behind the “Firebird” remote access trojan, later rebranded as “Hive.” An Australian man faces 12 charges for developing and distributing the RAT, while Edmond Chakhmakhchyan from California is accused of marketing the Hive …

Solar Spider Spins Up New Malware to Entrap Saudi Arabian Financial Firms

April 8, 2024 at 02:06AM A new version of the JSOutProx JavaScript remote access Trojan targets organizations in the Middle East and Asia-Pacific, infecting victims with multiple plugins and sophisticated capabilities. The group behind it, Solar Spider, appears to be linked to China. Visa warns financial institutions about the malware’s threat and advises vigilance and …

New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA

April 5, 2024 at 04:33AM Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are facing targeted attacks by a sophisticated threat called JSOutProx, utilizing both JavaScript and .NET. The attacks have been traced back to threat actor Solar Spider and involve leveraging spear-phishing emails and various malicious activities. Cybersecurity company …

Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub

March 13, 2024 at 06:21AM A recent phishing campaign has been detected distributing remote access trojans (RAT) like VCURMS and STRRAT through a malicious Java-based downloader. The attackers are utilizing public services like AWS and GitHub to store malware and employing a Proton Mail email address for communication with a command-and-control server. The campaign includes …

Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware

March 7, 2024 at 01:33AM Threat actors are using fake websites promoting popular video conferencing apps like Google Meet, Skype, and Zoom to distribute malware targeting Android and Windows users. The attackers are using typosquatting tricks to deceive users into downloading Remote Access Trojans. Additionally, a new malware called WogRAT is targeting Windows and Linux …

New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion

March 1, 2024 at 06:15AM Cybersecurity researchers have found a new Linux variant of the BIFROSE remote access trojan, using a deceptive domain mimicking VMware. The malware, active since 2004, has been linked to a state-backed group from China. The latest variant disguises itself as VMware and has shown increased activity since October 2023, signifying evolving …

Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub

February 27, 2024 at 08:51AM The Xeno RAT, an open-source remote access trojan, has been released on GitHub, with capabilities for remote system management and unique features such as real-time audio recording and a hidden virtual network computing module. This release underscores the rise of freely available malware, highlighted by cybersecurity firm Cyfirma. Additionally, the article …

New IDAT loader version uses steganography to push Remcos RAT

February 26, 2024 at 05:57PM The hacking group UAC-0184 utilized steganographic images to deploy the Remcos remote access trojan onto a Ukrainian entity in Finland. The group expanded to target organizations outside Ukraine. The attack involves phishing emails, a modular loader, and executing malware disguised in a PNG image. Details are available in the CERT-UA …

U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators

February 11, 2024 at 06:33AM The U.S. Justice Department seized online infrastructure used to sell the Warzone RAT, an information-stealing malware. Two individuals have been arrested and charged. The malware, marketed as MaaS for $38/month, enables remote control of infected hosts, with features like file browsing, screenshots, keystroke recording, and webcam activation. International law enforcement …

China Caught Dropping RAT Designed for FortiGate Devices

February 8, 2024 at 09:08AM The Dutch Military Intelligence and Security Service (MIVD) uncovered a potent new malware strain called “Coathanger” being used by Chinese state-sponsored threat actors. It targets FortiGate devices and was deployed to spy on the Dutch Ministry of Defense in 2023. The report advises regular risk analysis and patching for edge …