CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force

December 10, 2024 at 05:12AM The Ukrainian Computer Emergency Response Team (CERT-UA) warns of phishing attacks targeting defense firms and military forces by the Russia-linked UAC-0185 group. The emails masquerade as official conference invitations, containing malicious links that enable remote system access and credential theft from messaging apps and military systems.

This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges

December 5, 2024 at 11:15AM A new Android remote access trojan (RAT) called DroidBot targets 77 banking institutions and organizations. Disguised as security apps, it utilizes keylogging and UI monitoring. Active since June 2024, it operates on a Malware-as-a-Service model, with affiliates customizing the malware for attacks predominantly across Europe.

‘DroidBot’ Android Trojan Targets Banking, Cryptocurrency Applications

December 5, 2024 at 08:29AM A new Android remote access trojan (RAT) named DroidBot targets 77 banks and exchanges, primarily in Europe, with plans to expand to Latin America. It features advanced capabilities like keylogging and overlay attacks, distributed via fake security apps. Offered as malware-as-a-service, affiliates can manage infected devices for various malicious actions.

Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations

November 15, 2024 at 01:00PM Cybersecurity company Check Point has identified a remote access trojan named WezRat, attributed to Iranian state-sponsored hackers. It enables malicious activities like keylogging and file uploads. Distributed via phishing emails mimicking Israeli authorities, WezRat shows ongoing development, indicating significant investment in cyber espionage targeting various global entities.

Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware

November 11, 2024 at 01:36AM Cybersecurity researchers revealed a new phishing campaign that spreads Remcos RAT, using a malicious Excel attachment to execute a fileless variant. This allows attackers to remotely control compromised computers and gather sensitive data. Additionally, phishing tactics have evolved to include using legitimate DocuSign accounts and ZIP file concatenation to bypass security …

CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities

October 26, 2024 at 12:25AM The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a malicious email campaign targeting government and military bodies, linked to the Russian hacking group APT29. These emails use fake AWS domains to deploy Remote Desktop Protocol files for unauthorized access. CERT-UA also reports multiple ongoing cyber threats against Ukraine.

New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT

October 15, 2024 at 11:54AM A new malware campaign, utilizing the PureCrypter loader, delivers the DarkVision RAT, enabling capabilities like keylogging and remote access. Disclosed by Zscaler ThreatLabz, the multi-stage process involves a .NET executable and persistence features. DarkVision RAT is affordable, making it appealing to cybercriminals seeking versatile malicious tools.

Hackers Hide Remcos RAT in GitHub Repository Comments

October 9, 2024 at 05:06PM GitHub and GitLab are increasingly targeted for malicious activities, including a malware campaign using legitimate GitHub repositories and an exploit allowing unauthorized access to users in GitLab. Attackers leverage the platforms’ trusted reputations to deploy malware, highlighting significant security risks for organizations using these collaborative tools.

Sophisticated RAT Hides Behind P.Diddy Scandal Lures

September 25, 2024 at 12:50PM Threat actors are exploiting public interest in a scandal involving rapper Sean “Diddy” Combs to spread spyware through files claiming to reveal deleted social media posts. Researchers have found PySilon RAT disguised as “PdiddySploit,” posing serious security threats. Attackers are leveraging the scandal to spread malware, urging caution when interacting …

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails

September 19, 2024 at 10:30AM A new malware called SambaSpy targets Italian users through phishing. It uses HTML attachments or links to deploy a multi-functional RAT payload. The attack chains involve redirecting to a legitimate invoice or a malicious web server. SambaSpy can perform various functions, such as managing files, remote desktop, keylogging, and stealing …