Hackers abuse free TryCloudflare to deliver remote access malware

August 1, 2024 at 02:34PM Researchers are warning of increased abuse of the Cloudflare Tunnel service by threat actors in malware campaigns, often delivering remote access trojans (RATs). The key concern is that threat actors are using the Cloudflare Tunnel service to deliver remote access trojans (RATs) in …

Cybercrooks spell trouble with typosquatting domains amid CrowdStrike crisis

July 23, 2024 at 11:23AM Thousands of typosquatting domains are exploiting the desperation of IT admins affected by the CrowdStrike outage. The domains aim to deceive users with small typos and extort money through phishing and other extortion tactics. CrowdStrike has issued warnings and guidance for affected organizations, while some customers are still experiencing recovery challenges. …

Cut & Paste Tactics Import Malware to Unwitting Victims

June 18, 2024 at 02:40PM Threat actors are using fake browser updates and error messages to trick users into pasting malicious PowerShell scripts, leading to malware infections. Researchers from Proofpoint identified two social engineering methods and observed the use of PowerShell in various campaigns, indicating a trend of creative attack chains. Mitigation includes user awareness …

Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware

June 13, 2024 at 06:48AM Cybersecurity firm Intezer identified a new malware family, SSLoad, distributed through a previously undocumented loader called PhantomLoader. SSLoad infiltrates systems through phishing emails and delivers additional malware. It has been observed deploying the legitimate adversary simulation software Cobalt Strike. The malware demonstrates sophisticated capabilities, including reconnaissance and dynamic string decryption. Phishing …

Cybercrooks get cozy with BoxedApp to dodge detection

June 4, 2024 at 08:09AM Malware creators are increasingly using legitimate packer apps like BoxedApp to evade detection, with a surge in usage over the past year. This has been observed especially in remote access trojans and ransomware. BoxedApp offers features that make it harder for security systems to detect malware, resulting in a high …

Cagey Phishing Campaign Delivers Multiple RATs to Steal Windows Data

April 10, 2024 at 10:52AM A new phishing campaign aimed at Microsoft Windows users deploys various malware, including VenomRAT, Remcos RAT, NanoCore RAT, and XWorm. The attackers use phishing emails with malicious attachments to infiltrate systems, aiming to steal critical data and establish persistence. Vigilance, education, and robust cybersecurity measures are crucial for mitigating such …

Vietnam-Based Hackers Steal Financial Data Across Asia with Malware

April 4, 2024 at 12:15PM A suspected Vietnamese threat actor named CoralRaider targets victims in Asian and Southeast Asian countries with malware to steal valuable data. They use RotBot, Quasar RAT, and XClient stealer to steal credentials, financial data, and social media accounts primarily for monetization. The group also uses malvertising campaigns on Facebook to …

China-Linked Hackers Target Myanmar’s Top Ministries with Backdoor Blitz

January 30, 2024 at 09:34AM Mustang Panda, a China-based threat actor, is suspected of targeting Myanmar’s Ministry of Defence and Foreign Affairs in two campaigns using backdoors and remote access trojans. The group has been active since 2012 and has targeted Southeast Asian governments and the Philippines. The attacks involve phishing emails, rogue DLLs, and …

Lazarus Group Is Still Juicing Log4Shell, Using RATs Written in ‘D’

December 11, 2023 at 11:22AM North Korean hackers, under the Andariel group within the Lazarus collective, continue to exploit Log4Shell by launching attacks using new remote access Trojans written in the “D” programming language. These attacks stand out for their use of a rare programming language to evade detection, which adds complexity to malware detection efforts. Their …

LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique

November 20, 2023 at 06:42AM The LummaC2 malware has added a new anti-sandbox technique that uses trigonometry to evade detection and steal valuable information from infected hosts. The malware also incorporates control flow flattening and can deliver additional payloads. It requires the use of a crypter to conceal itself and relies on trigonometry to detect …