WOKMALWARE 2023 2022 2021 2020 2019 Viry znalosti Programy Virus Calendar MALWARE TRAFFIC Ransom Database Znalosti Programy Banking Mobil RAT Evolution MALWARE DATABAZE Malware Families CoinMiner RAT Banking Malware Mobil malware RAT ROOTKIT
HOME Adware Android App Apple APT Backdoor Banking Bootkit Bot CoinMiner Crypto Cryptomining CyberSpy Downloader Dropper ELF FUD Engine GO base ICS InfoStealer iOS Java JavaScript Keylogger Loader macOS Macro Mobil App OSX PyPI Python RAT Rootkit Spy Spyware Stealer Tool Trojan VBA VBS Wipper Worm
2024 2023 2022
DATE |
NAME |
info |
CATEGORY |
SUBC |
| 16.5.25 | Remcos RAT | Fileless Execution: PowerShell Based Shellcode Loader Executes Remcos RAT | MALWARE | RAT |
| 13.5.25 | Noodlophile | New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms | MALWARE | STEALER |
| 10.5.25 | OtterCookie v4 | Additional Features of OtterCookie Malware Used by WaterPlum | MALWARE | STEALER |
| 9.5.25 | PupkinStealer | PupkinStealer : A .NET-Based Info-Stealer | MALWARE | STEALER |
| 9.5.25 | HANNIBAL Stealer | HANNIBAL Stealer: A Rebranded Threat Born from Sharp and TX Lineage | MALWARE | STEALER |
| 8.5.25 | StealC | I StealC You: Tracking the Rapid Changes To StealC | MALWARE | Steal |
| 8.5.25 | COLDRIVER | COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs | MALWARE | Steal |
| 6.5.25 | TerraStealerV2 and TerraLogger | TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered | MALWARE | Loader |
| 2.5.25 | MintsLoader | Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting | MALWARE | Loader |
| 1.5.25 | Sheriff | IBM X-Force discovers new Sheriff Backdoor used to target Ukraine | MALWARE | Backdoor |
| 25.4.25 | DslogdRAT | DslogdRAT Malware Installed in Ivanti Connect Secure | MALWARE | RAT |
| 24.4.25 | io_uring | io_uring Is Back, This Time as a Rootkit | MALWARE | ROOTKIT |
| 22.4.25 | SuperCard X Malware | A novel Android malware offered through a Malware-as-a-Service (MaaS) model, enabling NFC relay attacks for fraudulent cash-outs. | MALWARE | ANDROID |
| 18.4.25 | MysterySnail RAT | IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia | MALWARE | RAT |
| 18.4.25 | PAKLOG, CorKLOG, and SplatCloak | P2 | Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2 | MALWARE | APT |
| 18.4.25 | ToneShell and StarProxy | P1 | Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1 | MALWARE | APT |
| 18.4.25 | XorDDoS controller | Unmasking the new XorDDoS controller and infrastructure | MALWARE | DDoS |
| 16.4.25 | Android.Clipper | Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft? | MALWARE | Android |
| 16.4.25 | BPFDoor | BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets | MALWARE | Backdoor |
| 16.4.25 | SNOWLIGHT | According to sysdig, SNOWLIGHT is used as a dropper for its fileless payload (vshell). | MALWARE | Linux |
| 15.4.25 | ResolverRAT | New Malware Variant Identified: ResolverRAT Enters the Maze | MALWARE | RAT |
| 15.4.25 | CurlBack RAT | Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks | MALWARE | RAT |
| 12.4.25 | TsarBot | TsarBot: A New Android Banking Trojan Targeting Over 750 Banking, Finance, and Cryptocurrency Applications | MALWARE | Bot |
| 11.4.25 | SpyNote | Newly Registered Domains Distributing SpyNote Malware | MALWARE | Android RAT |
| 10.4.25 | GammaSteel | Shuckworm Targets Foreign Military Mission Based in Ukraine | MALWARE | PowerShell |
| 9.4.25 | TCESB | How ToddyCat tried to hide behind AV software | MALWARE | Rootkit |
| 9.4.25 | ClipBanker | Attackers distributing a miner and the ClipBanker Trojan via SourceForge | MALWARE | Trojan |
| 2.4.25 | Outlaw | Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective | MALWARE | Linux |
| 2.4.25 | HijackLoader | Analyzing New HijackLoader Evasion Tactics |
Loader |
|
| 2.4.25 | Anubis Backdoor | The Savage Ladybug , also known as FIN7, has developed a new, mildly obfuscated Python-based backdoor called Anubis Backdoor . This malware allows attackers to execute remote shell commands and other system operations, giving them full control over an infected machine. |
Backdoor |
|
|
1.4.25 |
To achieve persistence on infected systems, Water Gamayun employs two distinct backdoors in their campaigns. In earlier campaigns with encrypthub[.]net/org, they utilized the SilentPrism backdoor, a tool designed for stealthy access and control. In their latest campaign, we identified a new backdoor, which we have named DarkWisp. |
Backdoor |
||
|
1.4.25 |
The MSC EvilTwin loader represents a novel approach (CVE-2025-26633) to malware deployment by leveraging specially crafted Microsoft Saved Console (.msc) files. The MSC EvilTwin loader creates two directories: C:\Windows \System32<space>\ and C:\Windows<space>\System32\en-US. |
Loader |
||
|
1.4.25 |
SilentPrism is a backdoor malware designed to achieve persistence, dynamically execute shell commands, and maintain unauthorized remote control of compromised systems. |
Backdoor |
||
|
1.4.25 |
On July 26, 2024, security researcher Germán Fernández tweeted about a fake WinRAR website distributing various types of malwares, including stealers, miners, hidden virtual network computing (hVNC), and ransomware, as shown. These malicious tools were hosted on a GitHub repository named "encrypthub," managed by a user called "sap3r-encrypthub" |
Stealer |
||
|
31.3.25 |
CISA analyzed three files obtained from a critical infrastructure’s Ivanti Connect Secure device after threat actors exploited Ivanti CVE-2025-0282 for initial access. One file—that CISA is calling RESURGE—has functionality similar to SPAWNCHIMERA in how it creates a Secure Shell (SSH) tunnel for command and control (C2). |
ICS |
||
|
29.3.25 |
Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices |
ANDROID |
||
|
28.3.25 |
ANALYSIS OF A DISCORD-BASED REMOTE ACCESS TROJAN (RAT) |
RAT |
||
|
28.3.25 |
Analysis of Konni RAT: Stealth, Persistence, and Anti-Analysis Techniques |
RAT |
||
|
28.3.25 |
SnakeKeylogger | SnakeKeylogger – A Multistage Info Stealer Malware Campaign | MALWARE | Keylogger |
|
28.3.25 |
CoffeeLoader | CoffeeLoader: A Brew of Stealthy Techniques | MALWARE | Loader |
|
28.3.25 |
PJobRAT | PJobRAT makes a comeback, takes another crack at chat apps | MALWARE | ANDROID RAT |
|
28.3.25 |
EDRKillShifter | Shifting the sands of RansomHub’s EDRKillShifter | MALWARE | Tool |
|
25.3.25 |
Raspberry Robin | Raspberry Robin: Copy Shop USB Worm Evolves to Initial Access Broker Enabling Other Threat Actor Attacks | MALWARE | Worm |
|
21.3.25 |
Bloody Wolf | The notorious cluster changes its toolkit by switching from malware to a legitimate remote administration tool | MALWARE | Toolkit |
|
21.3.25 |
ABYSSWORKER | Shedding light on the ABYSSWORKER driver | MALWARE | Driver |
|
21.3.25 |
Arcane stealer | What’s intriguing about this malware is how much it collects. It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla and DynDNS. The stealer was named Arcane, not to be confused with the well-known Arcane Stealer V. | MALWARE | Stealer |
|
20.3.25 |
Paragon's Adroid Spyware | Virtue or Vice? A First Look at Paragon’s Proliferating Spyware Operations | MALWARE | Android |
|
20.3.25 |
PEAKLIGHT | PEAKLIGHT: Decoding the Stealthy Memory-Only Malware | MALWARE | DROPPER |
|
20.3.25 |
ClearFake | ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery | MALWARE | JAVASCRIPT |
|
18.3.25 |
StilachiRAT | StilachiRAT analysis: From system reconnaissance to cryptocurrency theft | MALWARE | RAT |
|
16.3.25 |
StealBit | THREAT ANALYSIS REPORT: Inside the LockBit Arsenal - The StealBit Exfiltration Tool | MALWARE | TOOL |
| 14.3.25 | MassJacker | Captain MassJacker Sparrow: Uncovering the Malware’s Buried Treasure | MALWARE | Cryptojacking |
| 14.3.25 | OBSCURE#BAT | Analyzing OBSCURE#BAT: Threat Actors Lure Victims into Executing Malicious Batch Scripts to Deploy Stealthy Rootkits | MALWARE | Rootkit |
| 13.3.25 | KoSpy | Lookout Discovers New Spyware by North Korean APT37 | MALWARE | Spyware |
|
8.3.25 | BADBOX 2.0 | Satori Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes | MALWARE | Android |
|
8.3.25 | Zloader 2.9.4.0 | Inside Zloader’s Latest Trick: DNS Tunneling |
Loader |
|
| 8.3.25 | Skuld stealer | TMPN (Skuld) Stealer: The dark side of open source | MALWARE | Stealer |
| 8.3.25 | Trojan-Downloader.Win32.TookPS | Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity | MALWARE | AI |
| 8.3.25 | Ragnar Loader | (a.k.a Sardonic Backdoor) is a sophisticated toolkit of the Monstrous Mantis | MALWARE | Loader |
| 7.3.25 | Cobalt Strike kit | Unmasking the new persistent attacks on Japan | Kit | |
| 7.3.25 | EncryptRAT | Unveiling EncryptHub: Analysis of a multi-stage malware campaign | MALWARE | RAT |
| 6.3.25 | Poco RAT | The evolution of Dark Caracal tools: analysis of a campaign featuring Poco RAT | MALWARE | RAT |
| 5.3.25 | Typosquatted | Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS Systems | MALWARE | Go |
| 5.3.25 | BackConnect | Qbot is Back.Connect | MALWARE | Stealer |
| 5.3.25 | Polyglot Malware | Call It What You Want: Threat Actor Delivers Highly Targeted Multistage Polyglot Malware | MALWARE | Go |
| 5.3.25 | clipper malware | Infostealer Campaign against ISPs | MALWARE | Infostealer |
| 4.3.25 | Havoc | Havoc: SharePoint with Microsoft Graph API turns into FUD C2 | MALWARE | Loader |
| 27.2.25 | CleverSoar | New “CleverSoar” Installer Targets Chinese and Vietnamese Users | MALWARE | Rootkit |
| 27.2.25 | ValleyRAT | ValleyRAT Insights: Tactics, Techniques, and Detection Methods | MALWARE | RAT |
| 27.2.25 | Winos 4.0 | Winos 4.0 Spreads via Impersonation of Official Email to Target Users in Taiwan | MALWARE | MALWARE |
| 27.2.25 | TgToxic | Android trojan TgToxic updates its capabilities | MALWARE | Android |
| 26.2.25 | Auto-Color | Auto-Color: An Emerging and Evasive Linux Backdoor | MALWARE | Linux |
| 26.2.25 | LightSpy | LightSpy Expands Command List to Include Social Media Platforms | MALWARE | Spyware |
| 25.2.25 | HiddenGh0st RAT | Silent Killers: Unmasking a Large-Scale Legacy Driver Exploitation Campaign | MALWARE | RAT |
| 24.2.25 | ACRStealer | ACRStealer Infostealer Exploiting Google Docs as C2 | MALWARE | Stealer |
| 22.2.25 | NailaoLocker | Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors | MALWARE | Backdoor |
| 22.2.25 | Shadowpad | Updated Shadowpad Malware Leads to Ransomware Deployment | MALWARE | Backdoor |
| 20.2.25 | XLoader | XLoader Executed Through JAR Signing Tool (jarsigner.exe) | MALWARE | Loader |
| 20.2.25 | StaryDobry | StaryDobry ruins New Year’s Eve, delivering miner instead of presents | MALWARE | Cryptominer |
| 20.2.25 | Snake Keylogger | FortiSandbox 5.0 Detects Evolving Snake Keylogger Variant | MALWARE | Keylogger |
| 20.2.25 | JS to C2 | javascript-to-command-and-control-c2-server-malware | MALWARE | JavaScript |
| 18.2.25 | FrigidStealer | An Update on Fake Updates: Two New Actors, and New Mac Malware | MALWARE | MacOS |
| 18.2.25 | ELF/Sshdinjector.A!tr | Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst | MALWARE | Linux |
| 18.2.25 | DEATHLOTUS | A passive CGI backdoor that supports file creation and command execution | MALWARE | Backdoor |
| 18.2.25 | UNAPIMON | A defense evasion utility written in C++ | MALWARE | Utility |
| 18.2.25 | PRIVATELOG | A loader that's used to drop Winnti RAT (aka DEPLOYLOG) which, in turn, delivers a kernel-level rootkit named WINNKIT by means of a rootkit installer | MALWARE | Rootkit |
| 18.2.25 | CUNNINGPIGEON | A backdoor that uses Microsoft Graph API to fetch commands – file and process management, and custom proxy – from mail messages | MALWARE | Backdoor |
| 18.2.25 | WINDJAMMER | A rootkit with capabilities to intercept TCPIP Network Interface, as well as create covert channels with infected endpoints within intranet | MALWARE | Rootkit |
| 18.2.25 | SHADOWGAZE | A passive backdoor reusing listening port from IIS web server | MALWARE | Backdoor |
| 18.2.25 | XCSSET | Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that targets users by infecting Xcode projects, in the wild. | MALWARE | MacOS |
| 18.2.25 | Golang Backdoor | Telegram Abused as C2 Channel for New Golang Backdoor | MALWARE | Backdoor |
| 10.2.25 | FINALDRAFT | From South America to Southeast Asia: The Fragile Web of REF7707 | MALWARE | Malware |
| 10.2.25 | NAPLISTENER | NAPLISTENER: more bad dreams from developers of SIESTAGRAPH | MALWARE | Malware |
| 10.2.25 | BadIIS | This blog post details our analysis of an SEO manipulation campaign targeting Asia. We also share recommendations that can help enterprises proactively secure their environment. | MALWARE | Malware |
| 10.2.25 | ASPXSpy | ASPXSpy is a Web shell. It has been modified by Threat Group-3390 actors to create the ASPXTool version. | MALWARE | Malware |
| 10.2.25 | Malicious ML models | Malicious ML models discovered on Hugging Face platform | MALWARE | AI |
| 10.2.25 | ValleyRAT | Rat Race: ValleyRAT Malware Targets Organizations with New Delivery Techniques | MALWARE | RAT |
| 10.2.25 | Sliver | Not-so-SimpleHelp exploits enabling deployment of Sliver backdoor | MALWARE | Backdoor |
| 10.2.25 | SparkCat | Take my money: OCR crypto stealers in Google Play and App Store | MALWARE | Android |
| 5.2.25 | RDP Wrapper | Persistent Threats from the Kimsuky Group Using RDP Wrapper | MALWARE | Wrapper |
| 5.2.25 | AsyncRAT | AsyncRAT Reloaded: Using Python and TryCloudflare for Malware Delivery Again | MALWARE | RAT |
| 5.2.25 | FERRET | macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed | MALWARE | macOS |
| 5.2.25 | boltdb-go | Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence | MALWARE | GO Backdoor |
| 5.2.25 | Coyote Banking Trojan | Coyote Banking Trojan: A Stealthy Attack via LNK Files | MALWARE | Banking |
|
2.1.25 |
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts |
RAT |
||
|
28.12.24 |
OtterCookie, a new malware used by Contagious Interview |
JavaScript |
||
|
26.12.24 |
BellaCPP: Discovering a new BellaCiao variant written in C++ |
Malware |
||
|
22.12.24 |
HeartCrypt was originally discovered through underground forums and reported by security researchers in February and March 2024. |
Crypto |
||
|
22.12.24 |
The latest version of WezRat was recently distributed to multiple Israeli organizations in a wave of emails impersonating the Israeli National Cyber Directorate (INCD). |
RAT |
||
|
21.12.24 |
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware |
Backdoor |
||
|
18.12.24 |
Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion |
RAT |
||
|
18.12.24 |
Analyzing FLUX#CONSOLE: Using Tax-Themed Lures, Threat Actors Exploit Windows Management Console to Deliver Backdoor Payloads |
Backdoor |
||
|
17.12.24 |
Until 2016, the foreign security manufacturer Forcepoint disclosed the existence of the Manlinghua organization for the first time [1] , which had not been discovered before. |
RAT |
||
|
17.12.24 |
Bitter Group Launches New Trojan Miyarat, Domestic Users Become Primary Ttargets |
RAT |
||
|
17.12.24 |
CoinLurker: The Stealer Powering the Next Generation of Fake Updates |
STEALER |
||
|
16.12.24 |
“A Digital Prison”: Surveillance and the suppression of civil society in Serbia |
ANDROID |
||
|
16.12.24 |
Glutton: A New Zero-Detection PHP Backdoor from Winnti Targets Cybercrimals |
BACKDOOR |
||
|
16.12.24 |
New Zero-Detection Variant of Melofee Backdoor from Winnti Strikes RHEL 7.9 |
BACKDOOR |
||
|
14.12.24 |
New Yokai Side-loaded Backdoor Targets Thai Officials |
BACKDOOR |
||
|
14.12.24 |
NodeLoader Exposed: The Node.js Malware Evading Detection |
LOADER |
||
|
13.12.24 |
Team82 obtained a sample of a custom-built IoT/OT malware called IOCONTROL used by Iran-affiliated attackers to attack Israel- and U.S.-based OT/IoT devices. |
IoT |
||
|
13.12.24 |
PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with command-and-control servers. |
ROOTKIT |
||
|
12.12.24 |
Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT |
ANDROID |
||
|
12.12.24 |
Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT |
ANDROID |
||
|
11.12.24 |
Upgraded Kazuar Backdoor Offers Stealthy Power |
BACKDOOR |
||
|
11.12.24 |
Inside Zloader’s Latest Trick: DNS Tunneling |
TROJAN |
||
|
11.12.24 |
Lookout Discovers New Chinese Surveillance Tool Used by Public Security Bureaus |
SPYWARE |
||
|
10.12.24 |
AppLite: A New AntiDot Variant Targeting Mobile Employee Devices |
BANKING |
||
|
07.12.24 |
Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows |
STEALER |
||
|
06.12.24 |
iVerify Mobile Threat Investigation Uncovers New Pegasus Samples |
MOBILE |
||
|
06.12.24 |
Unveiling RevC2 and Venom Loader |
LOADER |
||
|
06.12.24 |
BlueAlpha Abuses Cloudflare Tunneling Service for GammaDrop Staging Infrastructure |
DROPPER |
||
|
06.12.24 |
DroidBot: Insights from a new Turkish MaaS fraud operation |
ANDROID |
||
|
03.12.24 |
Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT |
RAT |
||
|
03.12.24 |
Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT |
RAT |
||
|
02.12.24 |
SmokeLoader Attack Targets Companies in Taiwan |
LOADER |
||
|
02.12.24 |
SpyLoan: A Global Threat Exploiting Social Engineering |
SPYWARE |
||
|
28.11.24 |
Gaming Engines: An Undetected Playground for Malware Loaders |
LOADER |
||
|
27.11.24 |
Bootkitty: Analyzing the first UEFI bootkit for Linux |
BOOTKIT |
||
|
26.11.24 |
Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries |
RAT |
||
|
25.11.24 |
When Guardians Become Predators: How Malware Corrupts the Protectors |
ROOTKIT |
||
|
22.11.24 |
Malicious packages for AI integration containing infostealer malware were found in the Python Package Index repository. |
STEALER |
||
|
21.11.24 |
Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine |
LINUX BACKDOOR |
||
|
21.11.24 |
Attacks on Ukraine’s Energy Infrastructure: Harm to the Civilian Population |
MALWARE |
||
|
21.11.24 |
Python NodeStealer Targets Facebook Ads Manager with New Techniques |
STEALER |
||
|
19.11.24 |
Babble Babble Babble Babble Babble Babble BabbleLoader |
LOADER |
||
|
18.11.24 |
The Abuse of ITarian RMM by Dolphin Loader |
LOADER |
||
|
18.11.24 |
LodaRAT: Established Malware, New Victim Patterns |
RAT |
||
|
18.11.24 |
Mr.Skeleton RAT - new malware based on the njRAT code |
RAT |
||
|
16.11.24 |
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA |
STEALER |
||
|
15.11.24 |
Malware Spotlight: A Deep-Dive Analysis of WezRat |
RAT |
||
|
15.11.24 |
New PXA Stealer targets government and education sectors for sensitive information |
STEALER |
||
|
14.11.24 |
Stealthy Attributes of Lazarus APT Group: Evading Detection with Extended Attributes |
DOWNLOADER |
||
|
12.11.24 |
APT Actors Embed Malware within macOS Flutter Applications |
MacOS |
||
|
12.11.24 |
Ymir: new stealthy ransomware in the wild |
STEALER |
||
|
11.11.24 |
Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign |
LOADER |
||
|
08.11.24 |
Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT |
RAT |
||
|
08.11.24 |
Roblox Developers Targeted with npm Packages Infected with Skuld Infostealer and Blank Grabber |
STEALER |
||
|
08.11.24 |
CRON#TRAP: Emulated Linux Environments as the Latest Tactic in Malware Staging |
LINUX |
||
|
08.11.24 |
BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence |
CRYPTO |
||
|
07.11.24 |
New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency |
TROJAN |
||
|
06.11.24 |
Threat Campaign Spreads Winos4.0 Through Game Application |
TROJAN |
||
|
06.11.24 |
ToxicPanda: a new banking trojan from Asia hit Europe and LATAM |
BANKING |
||
|
04.11.24 |
As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team has been actively tracking a new variant of a well-known malware previously reported by ThreatFabric and Kaspersky. |
ANDROID |
||
|
1.11.24 |
In May 2024, ThreatFabric published a report about LightSpy for macOS. During that investigation, we discovered that the threat actor was using the same server for both macOS and iOS campaigns. |
iOS |
||
|
28.10.24 |
Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview |
PYTHON |
||
|
28.10.24 |
Grandoreiro, the global trojan with grandiose goals |
BANKING |
||
|
28.10.24 |
Analyzing Latrodectus: The New Face of Malware Loaders |
LOADER |
||
|
27.10.24 |
Analysis of a newly discovered Linux based variant of the DPRK attributed FASTCash malware along with background information on payment switches used in financial networks. |
LINUX |
||
|
27.10.24 |
Expanding the Investigation: Deep Dive into Latest TrickMo Samples |
BANKING |
||
|
27.10.24 |
DarkVision RAT is a highly customizable remote access trojan (RAT) that first surfaced in 2020, offered on Hack Forums and their website for as little as $60. Written in C/C++, and assembly, DarkVision RAT has gained popularity due to its affordability and extensive feature set, making it accessible even to low-skilled cybercriminals. |
RAT |
||
27.9.24 |
DCRat Targets Users with HTML Smuggling |
RAT | ||
27.9.24 |
Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy |
BACKDOOR | ||
27.9.24 |
Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy |
KEYLOGGER | ||
25.9.24 |
Cyfirma researchers have discovered a website promoting a tool called 'Taliban Stealer'. Once executed, this stealer prompts the user to select what data to collect from the machine, such as passwords, cookies, or cryptocurrency wallets. |
Stealer | ||
25.9.24 |
A Comprehensive Analysis of Angry Stealer : Rage Stealer in a New Disguise |
Stealer | ||
25.9.24 |
X-FILES Stealer: Advanced malware with sophisticated features and ongoing enhancements |
Stealer | ||
25.9.24 |
QWERTY is a newly discovered infostealer variant observed being hosted on a Linux-based virtual private server located in Germany with limited service exposure. |
Stealer | ||
25.9.24 |
There's Something About CryptBot: Yet Another Silly Stealer (YASS) |
Stealer | ||
25.9.24 |
At CYFIRMA, we are dedicated to delivering timely insights into emerging threats and malicious tactics that pose risks to both organizations and individuals. This report offers an analysis of a newly identified keylogger that operates via a PowerShell script. |
Keylogger | ||
25.9.24 |
Poseidon Stealer Uses Sora AI Lure to Infect macOS |
Stealer | ||
25.9.24 |
Luxy: A Stealer and a Ransomware in one |
Stealer | ||
25.9.24 |
Gomorrah Stealer v5.1: An In-Depth Analysis of a .NET-Based Malware |
Stealer | ||
25.9.24 |
In August 2024, FortiGuard Labs observed a python infostealer we call Emansrepo that is distributed via emails that include fake purchase orders and invoices. |
Stealer | ||
25.9.24 |
BLX Stealer known also as XLABB Stealer is a malware variant initially discovered back last year. New activity attributed to this infostealer has been observed in the wild. |
Stealer | ||
25.9.24 |
Security Brief: Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware |
RAT | ||
25.9.24 |
Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool |
Tool Exploit | ||
25.9.24 |
Spyware Injection Into Your ChatGPT's Long-Term Memory (SpAIware) |
Spyware AI | ||
24.9.24 |
Octo2: European Banks Already Under Attack by New Malware Variant |
Android | ||
24.9.24 |
How the Necro Trojan infiltrated Google Play, again |
TROJAN | ||
23.9.24 |
Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors |
RAT | ||
19.9.24 |
Exotic SambaSpy is now dancing with Italian users |
RAT | ||
18.9.24 |
An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader |
Backdoor | ||
17.9.24 |
North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware |
CRYPTOCURRENCY | ||
14.9.24 |
A new TrickMo saga: from Banking Trojan to Victim's Data Leak |
Banking | ||
14.9.24 |
Hadooken Malware Targets Weblogic Applications |
Linux | ||
13.9.24 |
Ajina attacks Central Asia: Story of an Uzbek Android Pandemic |
Banking | ||
13.9.24 |
Void captures over a million Android TV boxes |
TV | ||
13.9.24 |
Targeted Iranian Attacks Against Iraqi Government Infrastructure |
ISS Backdoor | ||
13.9.24 |
Targeted Iranian Attacks Against Iraqi Government Infrastructure |
ISS Backdoor | ||
9.9.24 |
WhisperGate is a multi-stage wiper designed to look like ransomware that has been used against multiple government, non-profit, and information technology organizations in Ukraine since at least January 2022. |
Wrapper | ||
9.9.24 |
New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition |
Android | ||
9.9.24 |
Loki: a new private agent for the popular Mythic framework |
Backdoor | ||
9.9.24 |
TIDRONE Targets Military and Satellite Industries in Taiwan |
Military Malware | ||
8.9.24 |
North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams |
Python | ||
5.9.24 |
Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion |
Backdoor | ||
5.9.24 |
Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant |
Loader | ||
5.9.24 |
Rocinante: The trojan horse that wanted to fly |
Trojan | ||
30.8.24 |
Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool |
Backdoor | ||
30.8.24 |
APT Attack Case Analysis Report Using noMu Backdoor |
Backdoor | ||
28.8.24 |
HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat |
MacOS | ||
26.8.24 |
NGate Android malware relays NFC traffic to steal cash |
Android | ||
25.8.24 |
Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules |
Linux | ||
24.8.24 |
PEAKLIGHT: Decoding the Stealthy Memory-Only Malware |
Downloader | ||
23.8.24 |
From the Depths: Analyzing the Cthulhu Stealer Malware for macOS |
MacOS | ||
23.8.24 |
MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors |
Backdoor | ||
22.8.24 |
PG_MEM: A Malware Hidden in the Postgres Processes |
CRYPTOCURRENCY | ||
21.8.24 |
MoonPeak malware from North Korean actors unveils new details on attacker infrastructure |
RAT | ||
21.8.24 |
Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove |
Stealer | ||
21.8.24 |
TodoSwift Disguises Malware Download Behind Bitcoin PDF |
MacOS | ||
21.8.24 |
CharmingCypress: Innovating Persistence |
Families | ||
21.8.24 |
Meet UULoader: An Emerging and Evasive Malicious Installer. |
Loader | ||
21.8.24 |
Finding Malware: Unveiling NUMOZYLOD with Google Security Operations |
Maas | ||
16.8.24 |
SharpRhino – New Hunters International RAT Identified by Quorum Cyber |
RAT | ||
16.8.24 |
A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers |
RAT | ||
16.8.24 |
Update: Cuckoo Malware Evolves |
MacOS | ||
16.8.24 |
Beyond the wail: deconstructing the BANSHEE infostealer |
MacOS | ||
7.8.24 |
Cloud Cover: How Malicious Actors Are Leveraging Cloud Services |
Backdoor | ||
7.8.24 |
Chameleon is back in Canada and Europe |
Mobil Trojan | ||
|
6.8.24 |
LianSpy: new Android spyware targeting Russian users |
Android | ||
5.8.24 |
Bloody Wolf strikes organizations in Kazakhstan with STRRAT commercial malware |
RAT | ||
5.8.24 |
BlankBot - a new Android banking trojan with screen recording, keylogging and remote control capabilities |
Android Banking | ||
5.8.24 |
StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms |
Backdoor | ||
3.8.24 |
BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor |
Backdoor | ||
2.8.24 |
BingoMod: The new android RAT that steals money and wipes data |
RAT | ||
2.8.24 | A trojan for Linux with a wide range of functions and the ability to be remotely controlled via a Telegram bot. The source code is written in Go and encrypted with RSA. | RAT | ||
2.8.24 | At the first stage, the dropper checks the parameters (arguments) used for its launch: this impacts the intermediate persistence stage. If there are input arguments, the add_payload stage begins (named after the function that performs it). | RAT | ||
2.8.24 | Unmasking the SMS Stealer: Targeting Several Countries with Deceptive Apps | SMS | ||
2.8.24 | Mandrake spyware sneaks onto Google Play again, flying under the radar for two years | Spyware | ||
2.8.24 | Phishing targeting Polish SMBs continues via ModiLoader | Loader | ||
27.7.24 |
Some simple PowerShell scripts might deliver nasty content if executed by the target. I found a very simple one (with a low VT score of 8/65): |
Stealer | ||
27.7.24 |
CrowdStrike’s Falcon agent caused downtime for millions of computers across the globe beginning July 19. This event caused panic and chaos, which threat actors quickly latch on to gain an edge over defenders. |
Wipper | ||
25.7.24 |
ACR Stealer is an information stealer advertised by a threat actor operating under the pseudonym SheldIO, on Russian-speaking cybercrime forums. It is sold as a Malware-as-a-Service (MaaS) since March 2024. |
Stealer | ||
24.7.24 | Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma | macOS | ||
24.7.24 |
Impact of FrostyGoop ICS Malware on Connected OT Systems |
ICS | ||
23.7.24 |
Fake Browser Updates Lead to BOINC Volunteer Computing Software |
Downloader | ||
20.7.24 |
‘AuKill’ EDR killer malware abuses Process Explorer driver |
Tool | ||
20.7.24 |
BugSleep is a backdoor designed to execute the threat actors’ commands and transfer files between the compromised machine and the C&C server. |
Backdoor | ||
19.7.24 |
A Comprehensive Look at the Updated Infection Chain of Ghost Emperor’s Demodex Rootkit. |
Rootkit | ||
19.7.24 |
OilAlpha Malicious Applications Target Humanitarian Aid Groups Operating in Yemen |
Mobil App | ||
18.7.24 |
HotPage: Story of a signed, vulnerable, ad-injecting driver |
Adware | ||
18.7.24 |
North Korean Hackers Update BeaverTail Malware to Target MacOS Users |
Stealer | ||
16.7.24 |
NEW BUGSLEEP BACKDOOR DEPLOYED IN RECENT MUDDYWATER CAMPAIGNS |
Backdoor | ||
15.7.24 |
How SYS01 Stealer Will Get Your Sensitive Facebook Info |
Stealer | ||
13.7.24 |
DarkGate: Dancing the Samba With Alluring Excel Files |
RAT | ||
11.7.24 |
DodgeBox: A deep dive into the updated arsenal of APT41 | Part 1 |
Loader | ||
11.7.24 |
New Malware Campaign Targeting Spanish Language Victims |
RAT | ||
10.7.24 |
The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution |
Python | ||
9.7.24 |
Lookout Discovers Houthi Surveillanceware Targeting Middle Eastern Militaries |
Android | ||
8.7.24 |
StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe |
Stealer | ||
8.7.24 |
Satanstealer is a new open source infostealing malware shared on GitHub. The malware collects and exfiltrates various types of information such as browser cookies, passwords, registered phone numbers, and email client details. |
Stealer | ||
8.7.24 |
‘Poseidon’ Mac stealer distributed via Google ads |
Stealer | ||
8.7.24 |
0bj3ctivity is an infostealer variant first observed last year in campaigns targeting Italy. A new campaign delivering this malware yet again to Italian users has been reported by CERT-AGID. |
Stealer | ||
8.7.24 |
A new malware strain dubbed Neptune Stealer has been uncovered by researchers. This malware quietly infiltrates systems to extract passwords and financial data, operating discreetly and customizing itself to evade detection. |
Stealer | ||
8.7.24 |
Kematian-Stealer : A Deep Dive into a New Information Stealer |
Stealer | ||
8.7.24 |
Mekotio Banking Trojan Threatens Financial Systems in Latin America |
Banking | ||
5.7.24 |
GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks |
Loader | ||
4.7.24 |
MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems |
Spyware | ||
3.7.24 |
A Brief History of SmokeLoader, Part 2 |
Loader | ||
3.7.24 |
A Brief History of SmokeLoader, Part 1 |
Loader | ||
3.7.24 |
Exposing FakeBat loader: distribution methods and adversary infrastructure |
Loader | ||
3.7.24 |
Kimsuky Group's New Backdoor Appears (HappyDoor) |
Backdoor | ||
3.7.24 |
Xctdoor Malware Used in Attacks Against Korean Companies (Andariel) |
Backdoor | ||
1.7.24 |
CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts |
Android | ||
1.7.24 |
Beware of Snowblind: A new Android malware |
Android | ||
|
20.6.24 |
LevelBlue Labs Discovers Highly Evasive, New Loader Targeting Chinese Organizations |
Loader | ||
|
18.6.24 |
Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion |
Loader | ||
|
17.6.24 |
Ministry of Defence of the Netherlands uncovers COATHANGER,a stealthy Chinese FortiGate RAT |
RAT | ||
|
17.6.24 |
Backdoor BadSpace delivered by high-ranking infected websites |
Backdoor | ||
|
17.6.24 |
Botnet Installing NiceRAT Malware |
RAT | ||
|
15.6.24 |
DISGOMOJI Malware Used to Target Indian Government |
Linux | ||
|
15.6.24 |
Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale |
Banking | ||
|
14.6.24 |
In Bad Company: JScript RAT and CobaltStrike |
RAT | ||
|
14.6.24 |
Dissecting SSLoad Malware: A Comprehensive Technical Analysis |
Loader | ||
|
13.6.24 |
Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups |
RAT | ||
|
13.6.24 |
Dipping into Danger: The WARMCOOKIE backdoor |
Backdoor | ||
|
12.6.24 |
Technical Analysis of the Latest Variant of ValleyRAT |
RAT | ||
|
11.6.24 |
More_eggs Activity Persists Via Fake Job Applicant Lures |
Backdoor | ||
7.6.24 | SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign | Stealer | ||
7.6.24 | Muhstik Malware Targets Message Queuing Services Applications | Trojan | ||
6.6.24 | BoxedApp products are general packers built on top of its SDK, which provides the ability to create Virtual Storage (Virtual File System, Virtual Registry), Virtual Processes, and a universal instrumentation system (WIN/NT API hooking). | App | ||
6.6.24 | Russia-linked 'Lumma' crypto stealer now targets Python devs | Stealer | ||
5.6.24 |
During 2023, DarkGate made a comeback with a version full of new features, becoming one of the most preferred Remote Access Trojans (RATs) by malicious actors. | RAT |
||
3.6.24 | Fake Browser Updates delivering BitRAT and Lumma Stealer | Stealer | ||
3.6.24 | Fake Browser Updates delivering BitRAT and Lumma Stealer | RAT | ||
30.5.24 |
AhMyth is malware that spreads through a few different infection vectors and uses various means to collect and exfiltrate sensitive information from infected devices. |
Android | ||
30.5.24 |
RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit |
Cryptocurrency | ||
30.5.24 |
PyPI crypto-stealer targets Windows users, revives malware campaign |
Python | ||
29.5.24 |
ALLASENHA: ALLAKORE VARIANT LEVERAGES AZURE CLOUD C2 TO STEAL BANKING DETAILS IN LATIN AMERICA |
RAT | ||
25.5.24 | BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad. | RAT | ||
25.5.24 | Malware Transmutation! - Unveiling the Hidden Traces of BloodAlchemy | RAT | ||
22.5.24 |
Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware |
InfoStealer | ||
21.5.24 |
No-Justice Wiper - Wiper attack on Albania by Iranian APT) |
Wipper | ||
21.5.24 |
Iranian State Actors Conduct Cyber Operations Against the Government of Albania |
Wipper | ||
20.5.24 |
The LATRODECTUS loader evolves to deliver ICEDID and other malware |
Loader | ||
20.5.24 |
Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns |
Banking | ||
18.5.24 |
Artificial Sweetener: SugarGh0st RAT Used to Target American Artificial Intelligence Experts |
RAT | ||
18.5.24 |
More than one legitimate software package was modified to deliver malware in North Korean group’s recent campaign against South Korean organizations. |
Backdoor | ||
16.5.24 |
ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs |
APT | ||
16.5.24 |
ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs |
APT | ||
11.5.24 |
zEus Stealer Distributed via Crafted Minecraft Source Pack |
Stealer | ||
10.5.24 |
Coper is a descendant of ExoBotCompat, which was a rewritten version of Exobot. |
Android | ||
8.5.24 | HijackLoader (a.k.a. IDAT Loader) is a malware loader initially spotted in 2023 that is capable of using a variety of modules for code injection and execution. | Loader | ||
7.5.24 | Post-infection traffic triggers signatures for Win32/MetaStealer Related Activity from the EmergingThreats Pro (ETPRO) ruleset. | Stealer | ||
7.5.24 | CharmingCypress: Innovating Persistence | VBS | ||
7.5.24 | Technical Deep Dive: Understanding the Anatomy of a Cyber Intrusion | Python | ||
6.5.24 | Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware | Apple | ||
3.5.24 |
The Black Lotus Labs team at Lumen Technologies is tracking a malware platform we’ve named Cuttlefish, that targets networking equipment, specifically enterprise-grade small office/home office (SOHO) routers. | Trojan |
||
3.5.24 |
Playing Possum: What's the Wpeeper Backdoor Up To? | Backdoor |
||
3.5.24 |
Graph: Growing number of threats leveraging Microsoft API | Trojan |
||
1.5.24 |
Zloader Learns Old Tricks | Trojan |
||
|
27.4.24 |
Brokewell: do not go broke from new banking malware! |
Android |
||
|
27.4.24 |
From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams |
RAT |
||
|
25.4.24 |
Analysis of Pupy RAT Used in Attacks Against Linux Systems |
RAT |
||
|
25.4.24 |
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining |
Cryptocurrency |
||
|
24.4.24 |
Suspected CoralRaider continues to expand victimology using three information stealers |
Stealer |
||
|
22.4.24 |
A new packed variant of the Redline Stealer trojan was observed in the wild, leveraging Lua bytecode to perform malicious behavior. |
Stealer |
||
|
19.4.24 |
Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear |
Loader |
||
|
19.4.24 |
OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal |
VBA Macro |
||
|
19.4.24 |
CR4t Malware: A Shape-Shifting Threat — Threat Intelligence Report |
Backdoor |
||
|
18.4.24 |
SoumniBot: the new Android banker’s unique techniques |
Android Banking |
||
|
18.4.24 |
Malvertising campaign targeting IT teams with MadMxShell |
Backdoor |
||
|
18.4.24 |
Kapeka: A novel backdoor spotted in Eastern Europe |
Backdoor |
||
|
15.4.24 |
LightSpy Returns: Renewed Espionage Campaign Targets Southern Asia, Possibly India |
ios | ||
11.4.24 |
Analyzing the FUD Malware Obfuscation Engine BatCloak | FUD Engine |
||
11.4.24 |
eXotic Visit campaign: Tracing the footprints of Virtual Invaders | RAT |
||
|
10.4.24 |
Smoke and (screen) mirrors: A strange signed backdoor |
Backdoor |
||
|
9.4.24 |
ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins |
Crypto |
||
|
8.4.24 |
Latrodectus: This Spider Bytes Like Ice |
Downloader | ||
|
8.4.24 |
Bing ad for NordVPN leads to SecTopRAT |
RAT | ||
|
5.4.24 |
Rhadamanthys Malware Disguised as Groupware Installer (Detected by MDS) |
Stealer |
||
|
5.4.24 |
Resecurity has detected a new version of JSOutProx, targeting financial services and organizations in the APAC and MENA regions. JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET. |
Tool |
||
|
5.4.24 |
Byakugan – The Malware Behind a Phishing Attack |
infostealer |
||
|
5.4.24 |
Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses |
Stealer |
||
|
5.4.24 |
AGENT TESLA TARGETING UNITED STATES & AUSTRALIA: REVEALING THE ATTACKERS’ IDENTITIES |
RAT |
||
|
5.4.24 |
SonicWall Capture Labs threat research team has observed an updated variant of StrelaStealer. |
Stealer |
||
|
5.4.24 |
This study provides a detailed overview of Sync-Scheduler, a potent malware written in C++ boasting defense evasion and anti-analysis capabilities. |
Stealer |
||
|
5.4.24 |
Recently Updated Rhadamanthys Stealer Delivered in Federal Bureau of Transportation Campaign |
Stealer |
||
|
3.4.24 |
Breaking Boundaries: Mispadu's Infiltration Beyond LATAM |
Banking |
||
|
2.4.24 |
Everything I Know About the XZ Backdoor |
Backdoor |
||
|
2.4.24 |
Earth Freybug Uses UNAPIMON for Unhooking Critical APIs |
Backdoor |
||
|
2.4.24 |
VenomRAT: A remote access tool with dangerous consequences |
RAT |
||
1.4.24 |
Satori Threat Intelligence Alert: PROXYLIB and LumiApps Transform Mobile Devices into Proxy Nodes |
APP |
||
1.4.24 |
Android Malware Vultur Expands Its Wingspan | Android |
||
|
31.3.24 |
The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim’s mobile device. |
Android | ||
|
31.3.24 |
Infostealers continue to pose threat to macOS users |
MacOS | ||
|
30.3.24 |
Linksys Worm ("TheMoon") Captured |
Worm |
||
|
30.3.24 |
DinodasRAT Linux implant targeting entities worldwide |
RAT |
||
|
28.3.24 |
Agent Tesla's New Ride: The Rise of a Novel Loader |
Loader |
||
|
27.3.24 |
osx |
|||
|
27.3.24 |
Trochilus is a C++ written RAT, which is available on GitHub. |
RAT |
||
|
23.3.24 |
Here, MUSKYBEAT refers to the in-memory dropper component, while STATICNOISE is the final payload / downloader. |
Dropper | ||
|
23.3.24 |
According to Mandiant, BEATDROP is a downloader written in C that uses Atlassian's project management service Trello for C&C. |
Dropper | ||
|
23.3.24 |
Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations |
Spy | ||
|
23.3.24 |
APT29 Uses WINELOADER to Target German Political Parties |
Loader | ||
|
22.3.24 |
Sign1 Malware: Analysis, Campaign History & Indicators of Compromise |
JavaScript | ||
|
22.3.24 |
Revenge RAT via malicious PPAM in Latin America, Portugal and Spain |
RAT | ||
|
22.3.24 |
Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries |
RAT | ||
|
22.3.24 |
Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. |
Loader | ||
|
22.3.24 |
StrelaStealer malware steals email login data from well-known email clients and sends them back to the attacker’s C2 server. |
Stealer | ||
|
22.3.24 |
A MIPS ELF binary with wiper functionality used against Viasat KA-SAT modems. |
Wipper | ||
|
22.3.24 |
AcidPour | New Embedded Wiper Variant of AcidRain Appears in Ukraine |
Wipper | ||
|
22.3.24 |
AndroxGh0st is a Python-based malware designed to target Laravel applications. It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio. |
Android | ||
20.3.24 | According to zscaler, PureCrypter is a fully-featured loader being sold since at least March 2021 The malware has been observed distributing a variety of remote access trojans and information stealers | Crypter | ||
20.3.24 | Unit 42 Collaborative Research With Ukraine’s Cyber Agency To Uncover the Smoke Loader Backdoor | Loader | ||
20.3.24 | WhiteSnake Stealer: Unveiling the Latest Version – Less Obfuscated, More Dangerous | Stealer | ||
20.3.24 | The GlorySprout or a Failed Clone of Taurus Stealer | Stealer | ||
20.3.24 | CoinMiner (KONO DIO DA) Distributed to Linux SSH Servers | CoinMiner | ||
20.3.24 | A MIPS ELF binary with wiper functionality used against Viasat KA-SAT modems. | Wiper | ||
20.3.24 | Enigma Software notes that NetSupport Manager is a genuine application, which was first released about twenty years ago. | RAT | ||
20.3.24 | APT37's ROKRAT HWP Object Linking and Embedding | RAT | ||
18.3.24 | Scalable Vector Graphics (SVG) files are a popular format for web graphics because they can be resized without losing quality. However, cybercriminals are now exploiting SVGs to deliver malware, posing a new threat to unsuspecting users. | Malware | ||
18.3.24 | From Delivery To Execution: An Evasive Azorult Campaign Smuggled Through Google Sites | Stealer | ||
18.3.24 | PowerShell script | Stealer | ||
18.3.24 | the malware was used previously in campaigns from July through August, and September 2023 | Stealer | ||
18.3.24 | The government computer emergency response team of Ukraine CERT-UA detected a malicious document "Nuclear Terrorism A Very Real Threat.rtf", opening of which will lead to the download of an HTML file and the execution of JavaScript code (CVE-2022-30190), which will ensure the download and launching the CredoMap malware. | JavaScript | ||
18.3.24 | X-Force’s analysis revealed that OCEANMAP has a strong overlap in both technique and .NET implementation. Several of the functions used in OCEANMAP were repurposed from the original CREDOMAP stealer and used as a base to build the new persistent backdoor. | Backdoor | ||
18.3.24 | Compromised Routers Are Still Leveraged as Malicious Infrastructure to Target Government Organizations in Europe and the Caucasus | Python | ||
17.3.24 | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim’s sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. | Keylogger | ||
17.3.24 | RisePro stealer targets Github users in “gitgub” campaign | Stealer | ||
17.3.24 | Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled | Loader | ||
|
14.3.24 |
Pelmeni Wrapper: New Wrapper of Kazuar (Turla Backdoor) |
Wrapper | ||
|
14.3.24 |
Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence |
CyberSpy | ||
|
14.3.24 |
zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets. |
RAT | ||
|
14.3.24 |
According to Subex Secure, CyberGate is a Remote Access Trojan (RAT) that allows an attacker to gain unauthorized access to the victim’s system. |
RAT | ||
|
14.3.24 |
Planet Stealer is a recently identified infostealing malware variant. This Go-based malware has been advertised for sale on underground forums. |
Stealer | ||
|
14.3.24 |
Latest DBatLoader Uses Driver Module to Disable AV/EDR Software |
Loader | ||
|
14.3.24 |
Tweaks Stealer Targets Roblox Users Through YouTube and Discord |
Stealer | ||
|
14.3.24 |
Unveiling Phemedrone Stealer: Threat Analysis and Detections |
Stealer | ||
|
14.3.24 |
According to ESET Research, Mispadu is an ambitious Latin American banking trojan that utilizes McDonald’s malvertising and extends its attack surface to web browsers. |
Banking | ||
|
14.3.24 |
First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. |
Loader | ||
|
13.3.24 |
PixPirate: The Brazilian financial malware you can’t see |
Android | ||
|
13.3.24 |
STRRAT is a Java-based RAT, which makes extensive use of plugins to provide full remote access to an attacker, as well as credential stealing, key logging and additional plugins. |
RAT | ||
|
13.3.24 |
Recently, FortiGuard Labs uncovered a phishing campaign that entices users to download a malicious Java downloader with the intention of spreading new VCURMS and STRRAT remote access trojans (RAT). |
Java | ||
|
12.3.24 |
RL has discovered a campaign using PyPI packages posing as open-source libraries to steal BIP39 mnemonic phrases, which are used for wallet recovery. |
PyPI | ||
|
12.3.24 |
FortiGuard Labs recently uncovered a threat actor employing a malicious PDF file to propagate the banking Trojan CHAVECLOAK. |
Banking | ||
|
11.3.24 |
Backdoor | |||
|
7.3.24 |
My Tea’s not cold. An overview of China’s cyber threat |
Bot | ||
|
7.3.24 |
In this Threat Analysis Report, Cybereason Security Services dives into the Python Infostealer, delivered via GitHub and GitLab, that ultimately exfiltrates credentials via Telegram Bot API or other well known platforms. |
InfoStealer | ||
|
7.3.24 |
AhnLab Security intelligence Center (ASEC) has recently discovered the distribution of backdoor malware via aNotepad, a free online notepad platform. Said malware supports both the PE format that targets the Windows system and the ELF format that targets the Linux system. |
RAT | ||
|
7.3.24 |
The malware has been released on github at https://github.com/EVLF/Cypher-Rat-Source-Code |
RAT | ||
|
6.3.24 |
According to PcRisk, Research shows that the OceanLotus 'backdoor' targets MacOS computers. |
OSX | ||
|
6.3.24 |
TODDLERSHARK: ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant |
VBS | ||
2.3.24 | GUloader Unmasked: Decrypting the Threat of Malicious SVG Files | Loader | ||
2.3.24 | The Art of Domain Deception: Bifrost's New Tactic to Deceive Users | RAT | ||
2.3.24 | GTPDOOR - A novel backdoor tailored for covert access over the roaming exchange | Backdoor | ||
2.3.24 | European diplomats targeted by SPIKEDWINE with WINELOADER | Loader | ||
1.3.24 | A custom backdoor written in C++ capable of file exfiltration and upload, command execution, and more. Communicates using Azure cloud infrastructure. | Backdoor | ||
1.3.24 | A custom backdoor that provides a more flexible code-execution interface and enhanced reconnaissance features compared to MINIBIKE | Backdoor | ||
1.3.24 | A tunneler, likely based on an open-source Socks4a proxy, that communicates using Azure cloud infrastructure | Backdoor | ||
28.2.24 | Pony (also known as Fareit or Siplog) is a malware categorized as a loader and stealer, although it is also used as a botnet, being a tool that has been used for more than 10 years and is still in use. | Stealer | ||
28.2.24 | New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group | Backdoor | ||
28.2.24 | When Stealers Converge: New Variant of Atomic Stealer in the Wild | Stealer | ||
28.2.24 | According to ESET Research, Mispadu is an ambitious Latin American banking trojan that utilizes McDonald’s malvertising and extends its attack surface to web browsers. | Banking | ||
28.2.24 | Modular malware framework targeting SOHO network devices | Linux | ||
28.2.24 | Compromised Routers Are Still Leveraged as Malicious Infrastructure to Target Government Organizations in Europe and the Caucasus | Loader | ||
28.2.24 | Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT’s Variant) | RAT | ||
27.2.24 | Unveiling UAC-0184: The Steganography Saga of the IDAT Loader Delivering Remcos RAT to a Ukraine Entity in Finland | Loader | ||
27.2.24 | DarkVNC is a hidden utility based on the Virtual Network Computing (VNC) technology, initially promoted on an Exploit forum in 2016. | Stealer | ||
27.2.24 | We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware. | RAT | ||
27.2.24 | We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware. | RAT | ||
27.2.24 | Ousaban: LATAM Banking Malware Abusing Cloud Services | Banking | ||
27.2.24 | Tweet on recent Mekotio Banker campaign | Banking | ||
27.2.24 | First spotted in the wild in 2017, Astaroth is a highly prevalent, information-stealing Latin American banking trojan. It is written in Delphi and has some innovative execution and attack techniques. | Banking | ||
22.2.24 | SSH-Snake: New Self-Modifying Worm Threatens Networks | Worm | ||
22.2.24 | To Russia With Love: Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer | RAT | ||
21.2.24 | Mustang Panda’s PlugX new variant targetting Taiwanese government and diplomats | Stealer | ||
21.2.24 | Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses | Stealer | ||
21.2.24 | Migo - a Redis Miner with Novel System Weakening Techniques | Miner | ||
21.2.24 | Sysjoker is a backdoor malware that was first discovered in December 2021 by Intezer. | Backdoor | ||
21.2.24 | According to Security Joes, this malware is an x64 ELF executable, lacking obfuscation or protective measures. It allows attackers to specify target folders and can potentially destroy an entire operating system if run with root permissions. | Wipper | ||
19.2.24 | Anatsa Trojan Returns: Targeting Europe and Expanding Its Reach | Android | ||
19.2.24 | Through its managed security services offerings, Volexity routinely identifies spear-phishing campaigns targeting its customers. | Backdoor | ||
18.2.24 | Raccoon Stealer v2 – Part 1: The return of the dead | Stealer | ||
18.2.24 | An info stealer is malicious software (malware) that seeks to steal private data from a compromised device, including passwords, cookies, autofill information from browsers, and cryptocurrency wallet information. | Stealer | ||
17.2.24 | According to CERT-UA, this malware makes use of XSLT (Extensible Stylesheet Language Transformations) and COM-hijacking. | Backdoor | ||
17.2.24 | TinyTurla Next Generation - Turla APT spies on Polish NGOs | Backdoor | ||
17.2.24 | Group-IB uncovers the first iOS Trojan harvesting facial recognition data used for unauthorized access to bank accounts. The GoldDigger family grows | iOS | ||
17.2.24 | This malware is delivered by an ISO file, with an DLL inside with a custom loader. Because of the unique user-agent "bumblebee" this malware was dubbed BUMBLEBEE. | Loader | ||
17.2.24 | CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day | Loader | ||
17.2.24 | Diving Into Glupteba's UEFI Bootkit | Bootkit | ||
17.2.24 | Pikabot is a malware loader that originally emerged in early 2023. Over the past year, ThreatLabz has been tracking the development of Pikabot and its modus operandi. | Loader | ||
17.2.24 | Ivanti Connect Secure: Journey to the core of the DSLog backdoor | Backdoor | ||
17.2.24 | New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group | macOS | ||
12.2.24 | The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT. | RAT | ||
10.2.24 | New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group | Backdoor | ||
10.2.24 | RASPBERRY ROBIN KEEPS RIDING THE WAVE OF ENDLESS 1-DAYS | Worm | ||
9.2.24 | MoqHao evolution: New variants start automatically right after installation | Android | ||
9.2.24 | Coyote: A multi-stage banking Trojan abusing the Squirrel installer | Banking | ||
9.2.24 | New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization | Backdoor | ||
8.2.24 | HijackLoader Expands Techniques to Improve Defense Evasion | Loader | ||
8.2.24 | Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer | Stealer | ||
7.2.24 | According to Mandiant, this malware family is attributed to potential chinese background and its Linux variant is related to exploitation of Fortinet's SSL-VPN (CVE-2022-42475). | Backdoor | ||
7.2.24 | According to Mandiant, this malware family is attributed to potential chinese background and directly related to observed exploitation of Fortinet's SSL-VPN (CVE-2022-42475). There is also a Windows variant. | ELF | ||
7.2.24 | Successful exploitation of the flaw paved the way for the deployment of a backdoor dubbed COATHANGER from an actor-controlled server that's designed to grant persistent remote access to the compromised appliances. | RAT | ||
6.2.24 | CrackedCantil: A Malware Symphony Breakdown | Stealer | ||
6.2.24 | Facebook Advertising Spreads Novel Malware Variant | Stealer | ||
6.2.24 | A Spyware Vendor Seemingly Made a Fake WhatsApp to Hack Targets | Spyware | ||
6.2.24 | Skygofree: Following in the footsteps of HackingTeam | Android | ||
5.2.24 | ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group | RAT | ||
5.2.24 | New spyware attacks exposed: civil society targeted in Jordan | Spyware | ||
5.2.24 | This report aims to detail the functioning of a malware used by FIN7 since 2021, named DiceLoader (also known Icebot), and to provide a comprehensive approach of the threat by detailing the related Techniques... | Loader | ||
5.2.24 | CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign | Stealer | ||
5.2.24 | Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019 | Stealer | ||
3.2.24 | ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware | Backdoor | ||
3.2.24 | Securonix Threat Research Security Advisory: Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor | Backdoor | ||
2.2.24 | We discuss proof-of-concept rootkits and malware used by cybercriminals in conjunction with Berkeley Packet Filtering (BPF), a piece of technology that allows programs to execute code in the operating systems of popular cloud-computing platforms. We also show how to detect such threats. |
Rootkit | ||
2.2.24 | HeadCrab 2.0: Evolving Threat in Redis Malware Landscape |
Backdoor | ||
1.2.24 | Evolution of UNC4990: Uncovering USB Malware's Hidden Depths | Python | ||
1.2.24 | Mandiant has observed UNC4990 leverage EMPTYSPACE (also known as VETTA Loader and BrokerLoader), a downloader that can execute any payload served by the command and control (C2) server, and QUIETBOARD, which is a backdoor that was delivered using EMPTYSPACE. | Backdoor | ||
1.2.24 | KRUSTYLOADER - RUST MALWARE LINKED TO IVANTI CONNECTSECURE COMPROMISES | Loader | ||
31.1.24 |
Grandoreiro is one of the many Latin American banking trojans such as Javali, Melcoz, Casabeniero, Mekotio, and Vadokrist, primarily targeting countries like Spain, Mexico, Brazil, and Argentina. |
Banking |
||
31.1.24 |
From Screen Captures to Crypto wallets: Analyzing the Multi-Faceted Threat of Rage Stealer |
Stealer |
||
31.1.24 |
RUSSIAN STEALER LOG AGGREGATOR RELEASES FULLY NATIVE INFOSTEALER |
Stealer |
||
31.1.24 |
Zloader: No Longer Silent in the Night |
Trojan |
||
29.1.24 |
LODEINFO is a fileless malware that has been observed in campaigns that start with spear-phishing emails since December 2019. |
Backdoor |
||
29.1.24 |
Inside the SYSTEMBC Command-and-Control Server |
Trojan |
||
29.1.24 |
AllaKore is a simple Remote Access Tool written in Delphi, first observed in 2015 but still in early stages of development. |
RAT |
||
29.1.24 |
CherryLoader: A New Go-based Loader Discovered in Recent Intrusions |
GO base |
||
29.1.24 |
It is a backdoor commonly distributed as an encoded binary file downloaded and decrypted by shellcode following the exploitation of weaponized documents. |
RAT |
||
29.1.24 |
Glupteba is a trojan horse malware that is one of the top ten malware variants of 2021. After infecting a system, the Glupteba malware can be used to deliver additional malware, steal user authentication information, and enroll the infected system in a cryptomining botnet. |
Cryptomining |
||
29.1.24 |
Info Stealing Packages Hidden in PyPI |
Python |
||
20.1.24 |
Screentime: Sometimes It Feels Like Somebody's Watching Me |
VBS |
||
19.1.24 |
Jamf Threat Labs discovers new malware embedded in pirated applications |
OSX |
||
18.1.24 |
CISA and FBI Release Known IOCs Associated with Androxgh0st Malware |
Android |
||
17.1.24 |
Remcos RAT Being Distributed via Webhards |
RAT |
||
16.1.24 |
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign |
Stealer |
||
12.1.24 |
Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services |
Linux |
||
11.1.24 |
Mac users targeted in new malvertising campaign delivering Atomic Stealer |
osx |
||
11.1.24 |
You Had Me at Hi — Mirai-Based NoaBot Makes an Appearance |
Bot |
||
10.1.24 |
Introducing Pikabot, an emerging malware family that comprises a downloader/installer, a loader, and a core backdoor component. |
Loader |
||
9.1.24 |
Deceptive Cracked Software Spreads Lumma Variant on YouTube |
Stealer |
||
9.1.24 |
A GAMER TURNED MALWARE DEVELOPER : DIVING INTO SILVERRAT AND IT’S SYRIAN ROOTS |
RAT |
||
6.1.24 |
Today will be a quick post on a TA444 (aka Sapphire Sleet, BLUENOROFF, STARDUST CHOLLIMA) Macho family tracked as SpectralBlur we found in August, and how finding it led us to stumble upon an early iteration of KANDYKORN (aka SockRacket). Please read Elastic’s EXCELLENT piece on that family. |
macOS |
||
6.1.24 |
Wiper attack on Albania by Iranian APT |
Wipper |
||
5.1.24 |
Bandook - A Persistent Threat That Keeps Evolving |
RAT |
||
5.1.24 |
Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion |
RAT |
||
3.1.24 |
WhiteSnake Stealer malware sample on MalwareBazaar |
Stealer |
||
3.1.24 |
RisePro is a stealer that is spread through downloaders like win.privateloader. Once executed on a system, the malware can steal credit card information, passwords, and personal data. |
Stealer |
||
1.1.24 |
On Christmas Eve, Resecurity's HUNTER (HUMINT) spotted the author of perspective password stealer Meduza has released a new version (2.2). |
Stealer |
||
1.1.24 |
Jinx – Malware 2.0 We know it’s big, we measured it! |
Stealer |