Google Play Used to Spread ‘Patchwork’ APT’s Espionage Apps

February 2, 2024 at 10:44AM The Indian APT group Patchwork used six Android espionage applications on Google Play, masquerading as messaging and news services, to distribute the VajraSpy remote access Trojan. ESET researchers found the RAT intercepts calls, messages, extracts WhatsApp and Signal messages, records calls, and takes pictures. The campaign primarily targeted Pakistani users …

More Android apps riddled with malware spotted on Google Play

February 1, 2024 at 02:11PM VajraSpy, an Android remote access trojan, was discovered in 12 apps, 6 of which were on Google Play. The malware stole personal data and targeted users primarily in Pakistan. ESET researchers linked it to the Patchwork APT group and advised against downloading obscure chat apps. The threat actors’ tactics continue …

‘CherryLoader’ Malware Allows Serious Privilege Execution

January 25, 2024 at 12:52PM Researchers have detected a threat actor utilizing a new, sophisticated downloader named “CherryLoader” to gain admin-level access on systems. The attacker also utilized privilege escalation tools from the “potato” family. CherryLoader’s notable feature is its ability to swap payloads without recompiling code, enhancing flexibility and evading detection. Based on the …

SystemBC Malware’s C2 Server Analysis Exposes Payload Delivery Tricks

January 25, 2024 at 11:38AM Cybersecurity researchers have uncovered details about the SystemBC malware, noting its availability on underground markets and its capability to control compromised hosts, deliver various payloads, and use SOCKS5 proxies to mask network traffic. The report also offers insight into an updated version of the DarkGate remote access trojan, showcasing weaknesses in …

Remcos RAT Spreading Through Adult Games in New Attack Wave

January 16, 2024 at 08:33AM The Remcos RAT, disguised as adult-themed games, is being distributed in South Korea through webhards. This sophisticated remote access trojan lets threat actors take unauthorized control of compromised hosts, surveil them, and exfiltrate sensitive information. Originally marketed as a remote administration tool, it has evolved into a potent weapon for infiltrating systems …

Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals

January 8, 2024 at 09:19AM Threat actors known as Anonymous Arabic have released a remote access trojan called Silver RAT, designed to bypass security software and launch hidden applications. The group also offers services such as the distribution of cracked RATs and social media bots used for promoting illicit activities. Silver RAT was first observed …

New Rugmi Malware Loader Surges with Hundreds of Daily Detections

December 28, 2023 at 01:54AM A new malware loader, Win/TrojanDownloader.Rugmi, is being used to distribute various information stealers like Lumma Stealer, Vidar, and RecordBreaker. ESET reports a spike in Rugmi loader detections in late 2023. Stealer malware, like Lumma, is sold as a service, utilizing various distribution methods including leveraging Discord’s content delivery network. McAfee …