Packed With Features, ‘SambaSpy’ RAT Delivers Hefty Punch

September 18, 2024 at 05:00PM SambaSpy, a remote access Trojan (RAT), is a sophisticated tool with various spying and data-stealing functions, initially targeting Italian victims and potentially expanding to other countries. The malware’s capabilities include file management, remote control, password stealing, and more, making it a versatile and powerful tool for threat actors. It is … Read more

Malicious npm Packages Mimicking ‘noblox.js’ Compromise Roblox Developers’ Systems

September 2, 2024 at 12:24AM Developers of Roblox are being targeted by a persistent campaign that uses fake npm packages to compromise systems, mimicking the popular ‘noblox.js’ library. Attackers employ brandjacking and starjacking to give a facade of legitimacy. Malicious packages steal data and deploy malware, with the end goal being to deploy Quasar RAT … Read more

Hunters International Disguises SharpRhino RAT as Legitimate Network Admin Tool

August 6, 2024 at 12:41PM Hunters International, an emerging ransomware group, has been rapidly advancing with a new remote access Trojan called SharpRhino, deploying Hive ransomware to attack IT professionals. The group leverages typosquatting domains and valid code-signing certificates to install the malware. SharpRhino’s purpose is to ensure persistence and control over targeted systems for … Read more

Cloudflare Tunnels Abused for Malware Delivery

August 2, 2024 at 06:48AM Proofpoint reports that threat actors have been misusing Cloudflare Tunnels for six months to distribute various remote access trojan (RAT) families. The attackers used the TryCloudflare feature since February 2024 to create one-time tunnels and deliver malware payloads through phishing messages. The attacks have impacted organizations globally, with the threat … Read more

BingoMod Android RAT Wipes Devices After Stealing Money

August 1, 2024 at 08:06AM A new Android-targeting remote access trojan named BingoMod, discovered by Cleafy, is designed to steal user information and money through account takeover tactics. The malware, likely developed by Romanian speakers, attempts to lower its detection rate by experimenting with obfuscation techniques. BingoMod also allows threat actors remote device control and … Read more

French Authorities Launch Operation to Remove PlugX Malware from Infected Systems

July 27, 2024 at 03:00AM French authorities, with support from Europol, have initiated a “disinfection operation” to remove the PlugX malware from compromised hosts. The effort, starting in France and involving other countries, comes after a cybersecurity firm’s disclosure and aims to address the remote access trojan’s widespread impact. This cooperative action aims to curb … Read more

SocGholish Malware Exploits BOINC Project for Covert Cyberattacks

July 22, 2024 at 03:36AM The JavaScript downloader malware SocGholish is distributing a remote access trojan called AsyncRAT and the legitimate open-source project BOINC. BOINC is being abused to connect to malicious servers and evade detection. The cybersecurity firm believes these connections pose a high risk and could potentially be used for malicious commands or … Read more

60 New Malicious Packages Uncovered in NuGet Supply Chain Attack

July 11, 2024 at 11:49AM Threat actors have launched a new wave of malicious packages on the NuGet package manager, using a sophisticated approach to evade detection. The 60 fresh packages demonstrate a refined strategy, employing IL weaving to inject malicious functionality into legitimate .NET binaries. The end goal is to deliver a remote access … Read more

Warning: New Adware Campaign Targets Meta Quest App Seekers

June 22, 2024 at 07:54AM A new phishing attack targets Meta Quest (formerly Oculus) app seekers, tricking them into downloading an adware called AdsExhaust. This adware can capture screenshots, interact with browsers, and generate revenue for operators by clicking on ads. The attack also includes social engineering tactics and the use of YouTube videos to … Read more

Military-themed Email Scam Spreads Malware to Infect Pakistani Users

June 21, 2024 at 09:45AM Cybersecurity researchers have uncovered a new phishing campaign targeting people in Pakistan, utilizing military-themed documents to deploy a custom backdoor called PHANTOM#SPIKE. The unsophisticated campaign’s ZIP file, posing as meeting minutes for a legitimate event, contains a CHM file and an executable backdoor, enabling remote access and command execution. Based … Read more