Sophisticated RAT Hides Behind P.Diddy Scandal Lures

September 25, 2024 at 12:50PM Threat actors are exploiting public interest in a scandal involving rapper Sean “Diddy” Combs to spread spyware through files claiming to reveal deleted social media posts. Researchers have found PySilon RAT disguised as “PdiddySploit,” posing serious security threats. Attackers are leveraging the scandal to spread malware, urging caution when interacting …

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails

September 19, 2024 at 10:30AM A new malware called SambaSpy targets Italian users through phishing. It uses HTML attachments or links to deploy a multi-functional RAT payload. The attack chains involve redirecting to a legitimate invoice or a malicious web server. SambaSpy can perform various functions, such as managing files, remote desktop, keylogging, and stealing …

Packed With Features, ‘SambaSpy’ RAT Delivers Hefty Punch

September 18, 2024 at 05:00PM SambaSpy, a remote access Trojan (RAT), is a sophisticated tool with various spying and data-stealing functions, initially targeting Italian victims and potentially expanding to other countries. The malware’s capabilities include file management, remote control, password stealing, and more, making it a versatile and powerful tool for threat actors. It is …

Malicious npm Packages Mimicking ‘noblox.js’ Compromise Roblox Developers’ Systems

September 2, 2024 at 12:24AM Developers of Roblox are being targeted by a persistent campaign that uses fake npm packages to compromise systems, mimicking the popular ‘noblox.js’ library. Attackers employ brandjacking and starjacking to give a facade of legitimacy. Malicious packages steal data and deploy malware, with the end goal being to deploy Quasar RAT …

Hunters International Disguises SharpRhino RAT as Legitimate Network Admin Tool

August 6, 2024 at 12:41PM Hunters International, an emerging ransomware group, has been rapidly advancing with a new remote access Trojan called SharpRhino, deploying Hive ransomware to attack IT professionals. The group leverages typosquatting domains and valid code-signing certificates to install the malware. SharpRhino’s purpose is to ensure persistence and control over targeted systems for …

Cloudflare Tunnels Abused for Malware Delivery

August 2, 2024 at 06:48AM Proofpoint reports that threat actors have been misusing Cloudflare Tunnels for six months to distribute various remote access trojan (RAT) families. The attackers used the TryCloudflare feature since February 2024 to create one-time tunnels and deliver malware payloads through phishing messages. The attacks have impacted organizations globally, with the threat …

BingoMod Android RAT Wipes Devices After Stealing Money

August 1, 2024 at 08:06AM A new Android-targeting remote access trojan named BingoMod, discovered by Cleafy, is designed to steal user information and money through account takeover tactics. The malware, likely developed by Romanian speakers, attempts to lower its detection rate by experimenting with obfuscation techniques. BingoMod also allows threat actors remote device control and …

French Authorities Launch Operation to Remove PlugX Malware from Infected Systems

July 27, 2024 at 03:00AM French authorities, with support from Europol, have initiated a “disinfection operation” to remove the PlugX malware from compromised hosts. The effort, starting in France and involving other countries, comes after a cybersecurity firm’s disclosure and aims to address the remote access trojan’s widespread impact. This cooperative action aims to curb …

SocGholish Malware Exploits BOINC Project for Covert Cyberattacks

July 22, 2024 at 03:36AM The JavaScript downloader malware SocGholish is distributing a remote access trojan called AsyncRAT and the legitimate open-source project BOINC. BOINC is being abused to connect to malicious servers and evade detection. The cybersecurity firm believes these connections pose a high risk and could potentially be used for malicious commands or …

60 New Malicious Packages Uncovered in NuGet Supply Chain Attack

July 11, 2024 at 11:49AM Threat actors have launched a new wave of malicious packages on the NuGet package manager, using a sophisticated approach to evade detection. The 60 fresh packages demonstrate a refined strategy, employing IL weaving to inject malicious functionality into legitimate .NET binaries. The end goal is to deliver a remote access …