New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus

November 8, 2024 at 02:27AM Researchers have identified a new malware campaign, CRON#TRAP, that infects Windows systems via a malicious shortcut file. It sets up a Linux virtual instance with a backdoor for remote access, complicating detection. Another campaign targets electronics companies using GuLoader malware via spear-phishing emails. Proactive security measures are essential. …

Hackers abuse free TryCloudflare to deliver remote access malware

August 1, 2024 at 02:34PM Researchers are warning of increased abuse of the Cloudflare Tunnel service by threat actors in malware campaigns, often delivering remote access trojans (RATs). The key takeaway is that researchers are concerned about threat actors using the Cloudflare Tunnel service to deliver remote access trojans (RATs) in …

Cybercrooks get cozy with BoxedApp to dodge detection

June 4, 2024 at 08:09AM Malware creators are increasingly using legitimate packer apps like BoxedApp to evade detection, with a surge in usage over the past year. This has been observed especially in remote access trojans and ransomware. BoxedApp offers features that make it harder for security systems to detect malware, resulting in a high …

Ande Loader Malware Targets Manufacturing Sector in North America

March 14, 2024 at 04:21AM The Blind Eagle threat actor employs Ande Loader to distribute RATs, targeting Spanish-speaking users in the North American manufacturing industry through phishing emails. This expansion includes leveraging RAR and BZ2 archives to activate the infection chain. Additionally, an alternative attack sequence via a Discord CDN link distributes NjRAT. Crypters written by Roda …

Malicious Ads on Google Target Chinese Users with Fake Messaging Apps

January 26, 2024 at 05:48AM Chinese-speaking users have been targeted with malicious Google ads for restricted messaging apps like Telegram in an ongoing malvertising campaign. The threat actor abuses Google advertiser accounts to direct users to pages where they unknowingly download Remote Administration Trojans. Additionally, the phishing-as-a-service platform “Greatness” is being used to create legitimate-looking credential …

Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans

December 11, 2023 at 09:12AM The Lazarus Group, a North Korea-linked threat actor, has launched a global campaign exploiting Log4j security flaws to deploy remote access trojans. Cisco Talos named the operation “Operation Blacksmith,” noting the use of DLang-based malware families. The group’s tactics overlap with Andariel, targeting various sectors and using NineRAT through a …