Linux Variants of Bifrost Trojan Evade Detection via Typosquatting

March 7, 2024 at 10:55AM Researchers from Palo Alto Networks have discovered new variants of the Bifrost malware targeting Linux. These variants use typosquatting to mimic a legitimate VMware domain, making detection difficult. The malware collects sensitive information and attempts to expand its reach to ARM-based devices. Palo Alto Networks has detected over 100 instances, …

Lazarus hackers exploited Windows zero-day to gain Kernel privileges

February 28, 2024 at 12:26PM The Lazarus Group exploited a zero-day flaw in the Windows AppLocker driver to gain kernel-level access and disable security tools. Avast analysts reported the activity, leading to a fix by Microsoft (CVE-2024-21338). The new FudModule rootkit by Lazarus includes advanced evasion techniques. Avast also discovered a previously undocumented RAT used …

SystemBC Malware’s C2 Server Analysis Exposes Payload Delivery Tricks

January 25, 2024 at 11:38AM Cybersecurity researchers have uncovered details about the SystemBC malware, noting its availability on underground markets and its capability to control compromised hosts, deliver various payloads, and use SOCKS5 proxies to mask network traffic. There is also insight into an updated version of the DarkGate remote access trojan, showcasing weaknesses in …

Syrian Threat Group Peddles Destructive SilverRAT

January 5, 2024 at 02:23PM The SilverRAT Trojan, with ties to Turkey and Syria, is set to release an updated version allowing for control over Windows systems and Android devices. The sophisticated tool includes features for keylogging, ransomware attacks, anti-antivirus bypasses, and more. The group, Anonymous Arabic, also offers DDoS attacks and operates in various …

New Bandook RAT Variant Resurfaces, Targeting Windows Machines

January 5, 2024 at 01:27AM A new variant of the Bandook trojan is being spread through phishing attacks, targeting Windows machines. The malware is distributed via a PDF file embedding a link to a password-protected .7z archive. After extraction, the malware injects its payload into msinfo32.exe. This off-the-shelf malware can remotely control infected systems and …

Researchers Unveil GuLoader Malware’s Latest Anti-Analysis Techniques

December 9, 2023 at 02:36AM Threat hunters expose GuLoader malware’s evolving obfuscation tactics, which make analysis time-consuming. Used in phishing campaigns, it distributes various payloads and is continually updated to evade security measures. Similar updates have been seen in DarkGate RAT, showcasing the sophistication and adaptability of modern malware threats. Remote access trojans are leveraging novel email-based infection …

A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets

November 30, 2023 at 04:08PM A modified “Gh0st RAT” malware, called “SugarGh0st,” has been targeting South Koreans and Uzbekistan’s Ministry of Foreign Affairs. Distributed via phishing with decoy documents, the updated malware evades detection and allows remote access, data theft, and system manipulation. Originating from March 2008, Gh0st RAT remains effective due to its adaptability …

NetSupport RAT Infections on the Rise – Targeting Government and Business Sectors

November 20, 2023 at 11:01AM Threat actors are using a remote access trojan called NetSupport RAT to target the education, government, and business services sectors. The trojan is delivered through fraudulent updates, drive-by downloads, malware loaders, and phishing campaigns. The cybersecurity firm VMware Carbon Black has detected 15 new infections related to NetSupport RAT in …

Actions to Take to Defeat Initial Access Brokers

November 17, 2023 at 12:08PM Access-as-a-service (AaaS) is a new cybercrime business model that involves selling methods for accessing networks. Criminals known as access brokers steal enterprise user credentials and sell them to other attackers. The buyers then use ransomware or malware services to steal confidential data. Countermeasures to mitigate these threats include monitoring the …