April 16, 2024 at 02:27PM FBI arrested Edmond Chakhmakhchyan on federal charges for attempting to market and sell malware, providing unauthorized control over a victim’s device. Pleading not guilty, he’s due to stand trial on June 4. Chakhmakhchyan had struck a deal with the malware’s creator to advertise the Hive remote access Trojan (RAT) and … Read more
April 16, 2024 at 04:27AM Two individuals were arrested in Australia and the U.S. for their involvement in developing and distributing the remote access trojan Hive RAT. Edmond Chakhmakhchyan, also known as “Corruption,” from Los Angeles, was charged with selling the malware and faces conspiracy and device advertising charges. Additionally, Charles O. Parks III was … Read more
April 15, 2024 at 04:36PM TA558 hacking group’s “SteganoAmor” campaign uses steganography to conceal and deliver various malware tools, targeting hospitality and tourism organizations worldwide. The campaign involves sending malicious emails with document attachments exploiting a Microsoft Office vulnerability. This leads to the download of various malware families, including spyware, info-stealers, RATs, and downloaders. Over … Read more
April 8, 2024 at 05:15AM A new phishing campaign targets Latin American users by sending a phishing email with a ZIP file attachment containing a malicious HTML file posing as an invoice. When the link in the HTML file is opened from a Mexican IP address, a CAPTCHA verification page opens, leading to a malicious … Read more
April 4, 2024 at 07:03PM Visa issued a security alert warning about increased detections of the JsOutProx malware targeting financial institutions in South and Southeast Asia, the Middle East, and Africa. The malware provides remote access and can execute various malicious activities. Mitigation actions and indicators of compromise were recommended, and the campaign involved phishing … Read more
March 19, 2024 at 02:15AM A new phishing campaign dubbed Operation PhantomBlu is using a sophisticated technique to deploy NetSupport RAT, targeting U.S. organizations with salary-themed phishing emails and exploiting Microsoft Office document templates. Additionally, threat actors are increasingly abusing public cloud services and data-hosting platforms to generate undetectable phishing URLs, sold on underground platforms. … Read more
March 11, 2024 at 02:45AM Magnet Goblin, a financially motivated threat actor, rapidly exploits newly disclosed vulnerabilities to breach public-facing servers and edge devices. The group deploys malware, including a remote access trojan (RAT) called Nerbian and MiniNerbian, to execute arbitrary commands and steal credentials. Their campaigns are financially motivated and target areas previously left … Read more
March 7, 2024 at 10:55AM Researchers from Palo Alto Networks have discovered new variants of the Bifrost malware targeting Linux. These variants use typosquatting to mimic a legitimate VMware domain, making detection difficult. The malware collects sensitive information and attempts to expand its reach to ARM-based devices. Palo Alto Networks has detected over 100 instances, … Read more
February 28, 2024 at 12:26PM The Lazarus Group exploited a zero-day flaw in the Windows AppLocker driver to gain kernel-level access and disable security tools. Avast analysts reported the activity, leading to a fix by Microsoft (CVE-2024-21338). The new FudModule rootkit by Lazarus includes advanced evasion techniques. Avast also discovered a previously undocumented RAT used … Read more
January 25, 2024 at 11:38AM Cybersecurity researchers have uncovered details about the SystemBC malware, noting its availability on underground markets and its capability to control compromised hosts, deliver various payloads, and use SOCKS5 proxies to mask network traffic. There is also insight into an updated version of the DarkGate remote access trojan, showcasing weaknesses in … Read more