Cloudflare Tunnels Abused for Malware Delivery

August 2, 2024 at 06:48AM Proofpoint reports that threat actors have been misusing Cloudflare Tunnels for six months to distribute various remote access trojan (RAT) families. The attackers used the TryCloudflare feature since February 2024 to create one-time tunnels and deliver malware payloads through phishing messages. The attacks have impacted organizations globally, with the threat …

BingoMod Android RAT Wipes Devices After Stealing Money

August 1, 2024 at 08:06AM A new Android-targeting remote access trojan named BingoMod, discovered by Cleafy, is designed to steal user information and money through account takeover tactics. The malware, likely developed by Romanian speakers, attempts to lower its detection rate by experimenting with obfuscation techniques. BingoMod also allows threat actors remote device control and …

French Authorities Launch Operation to Remove PlugX Malware from Infected Systems

July 27, 2024 at 03:00AM French authorities, with support from Europol, have initiated a “disinfection operation” to remove the PlugX malware from compromised hosts. The effort, starting in France and involving other countries, comes after a cybersecurity firm’s disclosure and aims to address the remote access trojan’s widespread impact. This cooperative action aims to curb …

SocGholish Malware Exploits BOINC Project for Covert Cyberattacks

July 22, 2024 at 03:36AM The JavaScript downloader malware SocGholish is distributing a remote access trojan called AsyncRAT and the legitimate open-source project BOINC. BOINC is being abused to connect to malicious servers and evade detection. The cybersecurity firm believes these connections pose a high risk and could potentially be used for malicious commands or …

60 New Malicious Packages Uncovered in NuGet Supply Chain Attack

July 11, 2024 at 11:49AM Threat actors have launched a new wave of malicious packages on the NuGet package manager, using a sophisticated approach to evade detection. The 60 fresh packages demonstrate a refined strategy, employing IL weaving to inject malicious functionality into legitimate .NET binaries. The end goal is to deliver a remote access …

Warning: New Adware Campaign Targets Meta Quest App Seekers

June 22, 2024 at 07:54AM A new phishing attack targets Meta Quest (formerly Oculus) app seekers, tricking them into downloading an adware called AdsExhaust. This adware can capture screenshots, interact with browsers, and generate revenue for operators by clicking on ads. The attack also includes social engineering tactics and the use of YouTube videos to …

Military-themed Email Scam Spreads Malware to Infect Pakistani Users

June 21, 2024 at 09:45AM Cybersecurity researchers have uncovered a new phishing campaign targeting people in Pakistan, utilizing military-themed documents to deploy a custom backdoor called PHANTOM#SPIKE. The unsophisticated campaign’s ZIP file, posing as meeting minutes for a legitimate event, contains a CHM file and an executable backdoor, enabling remote access and command execution. Based …

‘Sticky Werewolf’ APT Stalks Aviation Sector

June 7, 2024 at 12:14PM A threat actor known as “Sticky Werewolf” is targeting organizations in Russia’s aviation industry, with a focus on espionage related to the Russia-Ukraine conflict. The group has evolved its infection methods to include complex phishing emails and multi-stage malware, aiming to gain access to sensitive information and facilitate data exfiltration. …

Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.

May 31, 2024 at 02:07PM Between October 25-27, 2023, a cyber attack dubbed Pumpkin Eclipse bricked over 600,000 SOHO routers from a U.S. ISP, impacting access to the internet. Months later, analysis revealed the Chalubo RAT’s involvement. The attack targeted a single ASN, utilizing Lua functionality and exploiting weak credentials, raising questions about its purpose …

North Korea’s Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

April 25, 2024 at 01:51PM The Lazarus Group utilized job lures to distribute the Kaolin RAT, enabling deployment of the FudModule rootkit. This advanced operation, deemed overkill by Avast, involves a multi-stage sequence to ultimately establish communications with the RAT’s C2 server. The malware is capable of various operations including file manipulation and process execution, …