ALERTS JUNE 2024
HOME APT BOTNET CAMPAIGN CRIME CRYPTOCURRENCY EXPLOIT HACKING GROUP OPERATION PHISHING RANSOM SPAM VIRUS VULNEREBILITY | March(16) April(92) May(99) June(94) July(5)
DATE | NAME | CATEGORY | SUBCATE | INFO |
| 28.6.24 | Unfurling Hemlock: Deploying malware cluster bomb for multi-malware infections | ALERTS | VIRUS | The threat actor known as Unfurling Hemlock has been identified employing a method called "malware cluster bomb" to infect target systems with multiple malwares simultaneously. |
| 28.6.24 | Latrodectus malware campaign: Phishing with Firebase URLs and remote access tactics | ALERTS | PHISHING | Latrodectus is a popular loader utilized by threat actors to download payloads and execute arbitrary commands. Phishing emails are the most common attack vector for distributing the Latrodectus malware. |
| 28.6.24 | Ransomware used as cover for suspected China-backed APT group ChamelGang activities | ALERTS | RANSOM | According to a recently published report, a suspected China-backed APT group named ChamelGang (aka CamoFei) has been disguising its cyberespionage operations by also incorporating ransomware. |
| 28.6.24 | Threat Actor UAC-0184 using XWorm RAT | ALERTS | VIRUS | Threat Actor group UAC-0184 has targeted Ukraine using a malware campaign to deliver a RAT known as XWorm. Using evasive techniques and through the use of Python-related files the XWorm malware compromises systems. |
| 28.6.24 | 0bj3ctivity infostealer targeting Italy | ALERTS | VIRUS | 0bj3ctivity is an infostealer variant first observed last year in campaigns targeting Italy. A new campaign delivering this malware yet again to Italian users has been reported by CERT-AGID. |
| 28.6.24 | Latest P2Pinfect malware variant spreads ransomware and coinminers | ALERTS | VIRUS | A new P2Pinfect variant has been reported to spread both ransomware and Monero coinminer payloads in recent campaigns. P2Pinfect is a Rust-based botnet leveraging peer-to-peer (P2P) communication as C&C mechanism. |
| 28.6.24 | CVE-2024-4358 & CVE-2024-1800 - vulnerabilities in Telerik Report Server | ALERTS | VULNEREBILITY | CVE-2024-4358 and CVE-2024-1800 are two recently disclosed vulnerabilities affecting the Telerik Report Server. |
| 28.6.24 | Threat actor Boolka compromising websites with BMANAGER malware | ALERTS | VIRUS | Threat actor Boolka has been carrying out opportunistic SQL inection attacks against websites. When unsuspecting visitors land on the infected site(s) the JS inserted into the site(s) collects and exfiltrates the users inputs and interactions (such as credentials and other personal information). |
| 28.6.24 | New Medusa Android malware variant | ALERTS | VIRUS | Medusa malware for Android, also known as Tanglebot, has re-emerged in a new distribution campaign. The activity has been reported to target various countries across the world including he United States, Canada, France, Italy, Spain, the United Kingdom, and Turkey. |
| 26.6.24 | New Medusa Android malware variant | ALERTS | VIRUS | Medusa malware for Android, also known as Tanglebot, has re-emerged in a new distribution campaign. The activity has been reported to target various countries across the world including he United States, Canada, France, Italy, Spain, the United Kingdom, and Turkey. |
| 26.6.24 | Unstable and Condi botnets abusing cloud services for malicious activities | ALERTS | VIRUS | As recently reported by researchers from Fortinet, Unstable and Condi botnets have been abusing various cloud services for storage and distribution of malware binaries as well as C2 communication purposes |
| 26.6.24 | CVE-2024-23692 - Rejetto HTTP File Server Server Side Template Injection vulnerability | ALERTS | VULNEREBILITY | CVE-2024-23692 is a recently disclosed critical template injection vulnerability affecting Rejetto HTTP File Server (HFS) version 2.3m. Rejetto HFS is a web-based file sharing solution allowing sending and receiving files over HTTP. |
| 26.6.24 | ClickFix: Exploiting social engineering via PowerShell for malware deployment | ALERTS | VIRUS | There is a growing cybersecurity trend where users are deceived into copying and pasting malicious PowerShell scripts into an administrative PowerShell terminal window, leading to malware installation. |
| 26.6.24 | Stego-Campaign exploiting documents to deploy Remcos RAT | ALERTS | VIRUS | A phishing email campaign utilizing a URL shortener in a Microsoft Word file attachment, exploiting the CVE-2017-0199 vulnerability, has been reported in the wild. The URL redirect enticed users to download a variant of Equation Editor malware in RTF format. |
| 26.6.24 | SpiceRAT malware | ALERTS | VIRUS | SpiceRAT is a new malware variant identified by Cisco Talos. The malware has been attributed to a threat actor known as SneakyChef that has been conducting malicious campaigns against governmental entities in EMEA. |
| 26.6.24 | SpyMax mobile malware targets Telegram users | ALERTS | VIRUS | A new variant of the Android malware SpyMax has been observed in recent campaigns targeting Telegram users. The malicious .apk binaries are spread via a website masqueraded as a legitimate Telegram app download portal. |
| 26.6.24 | ExCobalt cyber espionage campaign targets Russian organizations with GoRed backdoor | ALERTS | CAMPAIGN | A cyber espionage campaign targeting Russian organizations by the ExCobalt threat actor has been observed. This campaign specifically targets government entities and IT firms. |
| 26.6.24 | CVE-2024-29824 - SQL Injection Vulnerability in Ivanti Endpoint Manager | ALERTS | VULNEREBILITY | CVE-2024-29824 is a critical SQL Injection vulnerability in Core server of Ivanti Endpoint Manager, which is an enterprise endpoint management solution that allows for centralized management of devices within an organization. |
| 26.6.24 | PHANTOM#SPIKE campaign makes use of .chm files to deliver custom backdoors | ALERTS | CAMPAIGN | PHANTOM#SPIKE is a recent malicious campaign identified in the wild. The attackers leverage phishing lures with password protected .rar and .zip archives. |
| 26.6.24 | Red Mongoose Daemon malware | ALERTS | VIRUS | Red Mongoose Daemon is a new banking malware variant identified by researchers from Scitum. The malware has been observed in campaigns targeting banking users and organizations in Brazil. |
| 26.6.24 | Apache HTTP Server CVE-2021-41773 vulnerability under active exploitation | ALERTS | VULNEREBILITY | CVE-2021-41773 is a critical (CVSS score 7.5) path traversal and file disclosure vulnerability affecting Apache HTTP Server. If successfully exploited, this vulnerability enables unauthorized access of sensitive information. |
| 26.6.24 | Web Shell attack used for deployment of XMrig coinminer | ALERTS | CRYPTOCURRENCY | Web shell attacks are a common technique used by attackers to maintain persistence and remotely access web servers during cyberattacks. |
| 26.6.24 | Rafel RAT mobile malware | ALERTS | VIRUS | Rafel RAT is an open-source mobile malware observed in some recent campaigns targeting Android users. As reported by Checkpoint, the malware is a versatile tool that allows the attackers both data exfiltration as well as remote control over the infected device. |
| 26.6.24 | Satanstealer Infostealer | ALERTS | VIRUS | Satanstealer is a new open source infostealing malware shared on GitHub. |
| 26.6.24 | QR Code-Embedded PDFs exploit Financial Institutions via ONNX Store | ALERTS | EXPLOIT | A new phishing campaign involving embedded QR codes in PDF attachments has been reported. ONNX Store, a known Phishing-as-a-Service (PhaaS) platform, has been used to orchestrate this campaign targeting financial institutions. |
| 26.6.24 | SquidLoader - new loader in the threat landscape | ALERTS | VIRUS | A new loader malware dubbed SquidLoader has been reported as being active distributed via phishing campaigns targeting Chinese-speaking users. The malware employs various evasion and decoy techniques in order to stay under the radar and avoid detection. |
| 26.6.24 | Fake Employee evaluation reports from Human Resources (HR) appear in new phish run | ALERTS | PHISHING | Threat actors continue masquerading as members of Human resources (HR) department in efforts to spread a new wave of phish emails. |
| 26.6.24 | Telcos in Asian country targeted by Chinese espionage tools | ALERTS | CAMPAIGN | In a newly released report, Symantec’s Threat Hunter Team provide an analysis of activity observed impacting telecommunications operators in a specific Asian country. |
| 26.6.24 | TA571 slips malicious scripts on to user's clipboards | ALERTS | GROUP | TA571 has recently been observed utilizing malicious HTML files in malspam campaigns. These files, once opened, copy a malicious PowerShell script to the user's clipboard while displaying an image that states the attached document is broken, |
| 26.6.24 | Fickle Stealer | ALERTS | VIRUS | Fickle Stealer is a recently observed malware written in Rust. Attackers leverage multiple delivery methods in a multi-stage attack chain to distribute the payload. |
| 19.6.24 | AzzaSec Ransomware | ALERTS | RANSOM | AzzaSec is another run-of-the-mill ransomware variant found being distributed in the wild. The malware encrypts user files and appends .AzzaSec extension to them. |
| 19.6.24 | New strain of Diamorphine Linux rootkit | ALERTS | VIRUS | A new variant of an open-source LKM (Loadable Kernel Module) rootkit dubbed Diamorphine has been found in the wild. |
| 19.6.24 | Malvertising Campaign Targets Users With Fake Software Installers | ALERTS | VIRUS | A malvertising campaign has been observed, enticing users to download masqueraded installers disguised as popular software such as Google Chrome and Microsoft Teams. |
| 19.6.24 | Hijack Loader and Vidar Stealer targeting Cisco Webex users | ALERTS | VIRUS | Malware campaigns affecting users in Latin America and the Asia Pacific regions have recently been reported. |
| 19.6.24 | Rogue Raticate Malspam Campaign: Malicious PDFs Lead to NetSupport RAT | ALERTS | VIRUS | The cybercriminal group known as Rogue Raticate (aka RATicate) has been active for a few years now and is well-known for targeting enterprises using malicious emails and remote access trojans. |
| 18.6.24 | Vortax: MacOS Malware Campaign Unveiled | ALERTS | VIRUS | A recent malware campaign targeting macOS vulnerabilities to distribute infostealers has surfaced. The threat actor, identified as markopolo, is actively aiming at cryptocurrency users. |
| 18.6.24 | Cryptojacking campaign exploiting Docker engine vulnerabilities | ALERTS | CRYPTOCURRENCY | A new cryptojacking campaign targeting publicly exposed Docker Engine hosts has been observed. It is presumed to be associated with the threat actors behind the previously seen malware campaign dubbed Spinning YARN. |
| 18.6.24 | Rapax Ransomware | ALERTS | RANSOM | Rapax is a ransomware whose binaries have recently been submitted to a public malware analysis and detection platform. |
| 17.6.24 | Limpopo ransomware targets ESXi servers | ALERTS | RANSOM | Limpopo is new ransomware variant targeting the vulnerable ESXi servers, as reported by Fortinet. This malware variant is believed to be based on the leaked Babuk ransomware source code and related to other ransomware strains such as Socotra and Formosa. |
| 17.6.24 | CVE-2024-28995 - SolarWinds Serv-U Directory Traversal vulnerability | ALERTS | VULNEREBILITY | CVE-2024-28995 is a recently disclosed Directory Traversal vulnerability affecting Serv-U managed file transfer (MFT) server solution. If successfully exploited the flaw could allow attackers with read access to sensitive information on the vulnerable host machine. |
| 17.6.24 | Brain Cipher Ransomware | ALERTS | RANSOM | Ransomware actors continue to sprout from left and right, and in this protection bulletin, we'll briefly discuss one which uses a Lockbit variant having recently emerged in the threat landscape. |
| 17.6.24 | Chaos ransomware actors pose as Lockbit to add pressure | ALERTS | RANSOM | Symantec has recently observed a Chaos ransomware actor making the rounds - encrypting single machines and claiming to be 'Lockbit' in dropped ransom notes (readme.txt). In this case, they are demanding $180 USD worth of Bitcoin be paid to a specified crypto wallet. |
| 17.6.24 | DISGOMOJI: Discord-based malware campaign targeting government organizations | ALERTS | Virus | A new innovative malware campaign has emerged, utilizing Discord for Command and Control (C2) operations and employing an emoji-based protocol where the threat actor communicates commands to the malware through emojis in the command channel. |
| 14.6.24 | OPIX Ransomware | ALERTS | RANSOM | OPIX is a newly discovered ransomware variant typically spread through social engineering tactics such as phishing emails and drive-by downloads. |
| 14.6.24 | Malspam Campaign Delivering Koi Loader/Koi Stealer | ALERTS | Virus | In a recent malspam campaign attackers appear to have altered their tactics in order to avoid detection. Instead of the typical approach of sending direct emails with malicious links, in this case they began with benign emails discussing a random scenario. |
| 14.6.24 | El Dorado Ransomware: Increased Attacks | ALERTS | RANSOM | El Dorado is a double-extortion ransomware actor who has recently claimed multiple victims on their website. Once they gain access to a company, they search for machines with valuable data to exfiltrate and encrypt, appending .00000001 to encrypted files |
| 14.6.24 | Operation Celestial Force | ALERTS | OPERATION | A new malicious campaign dubbed 'Operation Celestial Force' has been reported by the researchers from Cisco Talos. The campaign has been active since at least 2018 and targeting Indian organizations from the defense, government and technology sectors. |
| 14.6.24 | ALERTS | VULNEREBILITY | As part of June's patch Tuesday, Microsoft has patched a critical (CVSS score 9.8) Message Queuing (MSMQ) vulnerability CVE-2024-30080. | |
| 14.6.24 | CVE-2024-4701 - Netflix Genie job orchestration engine vulnerability | ALERTS | VULNEREBILITY | CVE-2024-4701 is a recently disclosed critical (CVSS score 9.9) path traversal vulnerability affecting Netflix' Genie job orchestration engine for big data applications. |
| 14.6.24 | CVE-2024-2194 - WP Statistics Plugin XSS vulnerability | ALERTS | VULNEREBILITY | CVE-2024-2194 is a recently disclosed stored cross-site scripting vulnerability affecting WP Statistics plugin for WordPress in versions up to 14.5 |
| 13.6.24 | Noodle RAT malware supports both Windows and Linux deployments | ALERTS | Virus | Noodle RAT is a malware variant recently identified by researchers from Trend Micro. This RAT has been reported as being used in targeted campaigns in the Asia-Pacific region.Drop and MicroLoad malwares prior to final payload deployment. Next to the Windows variant of this malware, a Linux strain has also been identified. It features capabilities to download/upload arbitrary files, reverse shell execution as well as SOCKS tunneling. |
| 13.6.24 | Adwind (aka jRAT) distributed in recent campaigns targeting users in Italy | ALERTS | Virus | Adwind malware (also known as jRAT or njRAT) has been observed in recent campaigns targeting users in Italy. The attack chain includes malspam emails containing .zip attachments. |
| 13.6.24 | WarmCookie backdoor | ALERTS | Virus | WarmCookie is a new backdoor variant distributed in phishing campaigns advertising fake job offers. The attack chain leverages malicious JS scripts executing PowerShell commands that in turn lead to the download of WarmCookie DLL payloads. |
| 13.6.24 | Black Basta attackers leveraging CVE-2024-26169 vulnerability as a Zero-day | ALERTS | Virus | In a newly released report, Symantec’s Threat Hunter Team reviewed evidence that suggests that attackers linked to Black Basta ransomware compiled CVE-2024-26169 exploit prior to patching. |
| 13.6.24 | Malware campaign unveils new ValleyRAT variant | ALERTS | Virus | A malware campaign has been observed delivering a newer version of ValleyRAT as the final payload. The attack vector involves a downloader with an injected shellcode that dynamically resolves APIs and establishes a connection with the C2 server |
| 12.6.24 | Remcos RAT delivered via UUEncoding (UUE) File | ALERTS | Virus | A recent phishing campaign spreading Remcos RAT employs themed documents related to shipping or quotations. The attack commences with a UUE-encoded VBS script, leading to the another obfuscated VBS script upon decoding. |
| 12.6.24 | Protection Highlight: Phishers Ramp Up Exploitation of Telegram Bot API | ALERTS | PHISHING | Over the past few months, more and more phishing actors via malicious HTML have been following in the footsteps of Infostealers and RATs, and are now also abusing the Telegram Bot API to harvest users' credentials and other sensitive information such as credit cards details. |
| 12.6.24 | TellYouThePass ransomware exploiting CVE-2024-4577 Argument Injection Vulnerability in PHP | ALERTS | VULNEREBILITY | CVE-2024-4577 - is a high-severity (CVSS: 9.8) argument injection vulnerability in PHP, which is a popular scripting tool. This vulnerability affects PHP when it runs in CGI mode. |
| 12.6.24 | Fog Ransomware | ALERTS | RANSOM | A new ransomware variant dubbed Fog has been recently distributed in the wild. The attackers behind this malware have been leveraging compromised VPN credentials to attack vulnerable networks of US organizations from the education and recreation sector. |
| 12.6.24 | AZStealer - a Python-based infostealer | ALERTS | Virus | AZStealer is a recently discovered Python-based infostealer variant. It has the functionality to steal a wide variety of information from the compromised endpoints including |
| 12.6.24 | Fireant APT targets Vietnamese entities with LNK file malware campaign | ALERTS | APT | A malware campaign conducted by the Fireant (also known as Mustang Panda) APT group using Windows shortcut (LNK) files has been reported |
| 12.6.24 | Beware of malicious Python packages on PyPI repository | ALERTS | Virus | Numerous malicious Python packages have been observed on the Python Package Index (PyPI) repository, aimed at exploiting typosquatting to target users of legitimate packages. |
| 12.6.24 | DERO cryptojacking operation targeting Kubernetes infrastructure | CRYPTOCURRENCY | Dero, a cryptocurrency, offers better privacy, anonymity and faster rewards than Monero, and is often used in cryptojacking according to a March 2023 report. | |
| 11.6.24 | SSLoader malware using PhantomLoader | ALERTS | Virus | SSLoader malware uses PhantomLoader (an effective tool for deploying malware) to enhance its elusive and stealthy behavior. |
| 11.6.24 | Yet another JScript RAT spreads via phishing campaign | ALERTS | Virus | It is generally known that JScript-based RATs are often spread via phishing campaigns, and a recent attack was spotted using the same technique as former runs where an initial loader script connects |
| 11.6.24 | Abusing Google Ads to distribute backdoor malware masquerading as Advanced IP Scanner | ALERTS | Virus | A malicious backdoor malware, masquerading as an Advanced IP Scanner, has been observed in the wild |
| 11.6.24 | New Grandoreiro banking trojan campaign masquerading as government entities through spear-phishing | ALERTS | Virus | A new campaign involving the Grandoreiro banking trojan has been observed in the wild. The threat actors are leveraging spear-phishing emails masquerading as correspondence from government entities to lure recipients into downloading ZIP files |
| 11.6.24 | Agent Tesla sending malicious XLA files | ALERTS | Virus | Agent Tesla, an infostealing .Net based RAT, has recently been observed sending Spanish language malspam with attached XLA files. |
| 10.6.24 | Fake 'KMSPico Activator Tool' Utilized to Deliver Vidar InfoStealer | ALERTS | GROUP | Researchers recently identified another drive-by download campaign, wherein users are deceived into downloading a malware-laden application named 'KMSPico activator tool.' |
| 8.6.24 | Sticky Werewolf APT | ALERTS | APT | Sticky Werewolf is a threat group initially discovered over a year ago. The attackers have been known to target various organizations, most recently the pharmaceutical and aviation sectors. |
| 8.6.24 | Seidr Stealer | ALERTS | Virus | Seidr is another recent infostealer variant found in the wild and sold via illicit marketplaces. The malware is C++ based with modular architecture. Functionality-wise Seidr steals various information from the compromised endpoints including, |
| 8.6.24 | DORRA Ransomware | ALERTS | RANSOM | DORRA is a recently found ransomware variant from the Makop malware family. The malware encrypts user files, appending the ".DORRA" extension, a unique ID and the developer's email address to them. |
| 8.6.24 | Apache RocketMQ targeted in Muhstik botnet campaign | ALERTS | BOTNET | A recent campaign targeting Apache RocketMQ platforms, exploiting a known vulnerability (CVE-2023-33246) for remote code execution, has been observed. |
| 8.6.24 | Enhanced version of Vidar Stealer emerges | ALERTS | Virus | An updated version of the Vidar Stealer has been observed in the wild. This customizable malware is being sold on the dark web and |
| 8.6.24 | CashRansomware - a new arrival to the threat landscape | ALERTS | RANSOM | CashRansomware (aka CashCrypt) is a newly identified Ransomware‑as‑a‑Service (RaaS) variant. As reported by researchers from Tehtris, the malware appears to be still in active development |
| 8.6.24 | UNC1151 APT targets the Ukrainian Ministry of Defence with malicious Excel campaign | ALERTS | APT | The UNC1151 APT group has been observed conducting a malware campaign utilizing a malicious Excel document. This group is known for targeting Eastern European countries. |
6.6.24 | CVE-2024-32113 - Path Traversal vulnerability in Apache OFBiz | ALERTS | VULNEREBILITY | CVE-2024-32113 is a recently disclosed path traversal vulnerability affecting Apache OFBiz, which is an open source enterprise resource planning (ERP) system |
6.6.24 | Rising trend of exploiting Packer apps in targeted attacks | ALERTS | Virus | An increasing trend of abusing Packer apps as a technique to deploy malware payloads has been observed in the wild. Numerous known malware families, primarily related to RATs and stealers, have been exploiting commercial |
6.6.24 | The rise of Kiteshield packer in the ever-evolving landscape of Linux malware | ALERTS | Virus | Threat actors are constantly seeking out new tactics and platforms to evade detection and carry out their espionage activities. |
6.6.24 | CoinMiner's Proxy Server Suffers Unlucky Ransomware Attack | ALERTS | RANSOM | Reports have described what seems to be an accidental cyber threat activity where a CoinMiner's proxy server was exposed to the Internet and became the target of a ransomware threat actor's RDP scan attack. |
6.6.24 | SenSayQ: Emerging Ransomware Group | ALERTS | RANSOM | SenSayQ is an emerging ransomware actor who has recently been observed in the threat landscape. |
6.6.24 | New Linux variant of the TargetCompany ransomware | ALERTS | RANSOM | A new Linux variant belonging to the TargetRansomware (aka Mallox) malware family has been found in the wild. |
6.6.24 | Updated Cuckoo malware variant spotted in the wild | ALERTS | Virus | Cuckoo is an infostealing macOS malware initially discovered earlier this year. A new variant of it has just recently been observed in the wild. |
6.6.24 | RansomHub Ransomware | ALERTS | RANSOM | In a newly released report, Symantec’s Threat Hunter Team provide an analysis of the highly active RansomHub ransomware and its similarity to the now defunct Knight ransomware. |
6.6.24 | DarkCrystal RAT Delivered via Signal Messenger | ALERTS | Virus | The messaging application 'Signal' is famous among the military and is currently being exploited to deliver DarkCrystal RAT malware to government officials, military personnel, and representatives of defense enterprises in Ukraine. |
6.6.24 | Cobalt Strike campaign targets Ukraine using malicious Excel files | ALERTS | CAMPAIGN | A new campaign targeting Ukraine with Cobalt Strike payloads has been observed by researchers from Fortinet. |
6.6.24 | Android Spyware Targets Brazilian Mobile Users in Nubank Masquerade | ALERTS | Virus | Nubank, a leading digital bank in Latin America known for its no-fee credit card and mobile banking services, has been one of the latest financial companies to have its brand abused in social engineering schemes aimed at luring mobile users in Brazil |
6.6.24 | CVE-2024-24919 - Check Point Security Gateway Information Disclosure Vulnerability | ALERTS | VULNEREBILITY | CVE-2024-24919 is an information disclosure vulnerability in Check Point Security Gateway. Check Point Security Gateway is an integrated software solution that connects corporate networks, branch offices, and business partners via a secure channel. |
6.6.24 | CVE-2024–27348 - Remote Code Execution vulnerability in Apache HugeGraph Server | ALERTS | VULNEREBILITY | Recently, a critical remote code execution (RCE) vulnerability has been discovered in Apache HugeGraph-Server, identified as CVE-2024-27348 (CVSS: 9.8). |
6.6.24 | Underground Ransomware Remains Active | ALERTS | RANSOM | Over the past year the Ransomware actor known as "Underground" has been less active than other groups, yet they remain in the threat landscape and continue to target industries of various size. |
6.6.24 | Botnet malware campaign distributing NiceRAT malware | ALERTS | Virus | A botnet malware campaign has been reported distributing the NiceRAT malware, disguising itself as Windows or Office genuine authentication tools or free game servers, through domestic file-sharing sites or blogs. |
6.6.24 | LummaC2 Infostealer Delivered via a Recent ClearFake Campaign | ALERTS | Virus | ClearFake, a JavaScript framework, utilizes both drive-by-downloads and social engineering tactics, often in fake "browser update" campaigns. |
6.6.24 | Brazilian banking trojan CarnavalHeist | ALERTS | Virus | A recent campaign has seen Brazilian users being targeted by a banking Trojan dubbed CarnavalHeist. The infection chain begins with a financial themed mail through which the recipient is lured into downloading an invoice (named as "Nota Fiscal" |
6.6.24 | RedTail cryptomining malware exploiting PAN-OS vulnerability | ALERTS | CRYPTOCURRENCY | RedTail cryptocurrency mining malware has added PAN-OS vulnerability to its exploit arsenal. PAN-OS CVE-2024-3400 is a now patched vulnerability that allows an attacker to execute an arbitrary code file with root user privileges. |