28.12.24

OtterCookie, a new malware used by Contagious Interview

JavaScript

26.12.24

BellaCPP: Discovering a new BellaCiao variant written in C++

Malware

22.12.24

HeartCrypt was originally discovered through underground forums and reported by security researchers in February and March 2024.

Crypto

22.12.24

The latest version of WezRat was recently distributed to multiple Israeli organizations in a wave of emails impersonating the Israeli National Cyber Directorate (INCD).

RAT

21.12.24

Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

Backdoor

18.12.24

Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion

RAT

18.12.24

Analyzing FLUX#CONSOLE: Using Tax-Themed Lures, Threat Actors Exploit Windows Management Console to Deliver Backdoor Payloads

Backdoor

1.11.24

In May 2024, ThreatFabric published a report about LightSpy for macOS.

iOS

28.10.24

Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview

PYTHON

28.10.24

Grandoreiro, the global trojan with grandiose goals

BANKING

28.10.24

Analyzing Latrodectus: The New Face of Malware Loaders

LOADER

27.10.24

Analysis of a newly discovered Linux based variant of the DPRK attributed FASTCash malware along with background information on payment switches used in financial networks.

LINUX

27.10.24

Expanding the Investigation: Deep Dive into Latest TrickMo Samples

BANKING

27.10.24

DarkVision RAT is a highly customizable remote access trojan (RAT) that first surfaced in 2020,...

RAT

27.9.24

DCRat Targets Users with HTML Smuggling

RAT

27.9.24

Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy

BACKDOOR

27.9.24

Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy

KEYLOGGER

25.9.24

Cyfirma researchers have discovered a website promoting a tool called 'Taliban Stealer'.

Stealer

25.9.24

A Comprehensive Analysis of Angry Stealer : Rage Stealer in a New Disguise

Stealer

25.9.24

X-FILES Stealer: Advanced malware with sophisticated features and ongoing enhancements

Stealer

25.9.24

QWERTY is a newly discovered infostealer variant observed being hosted on a Linux-based virtual private server located in Germany with limited service exposure.

Stealer

25.9.24

There's Something About CryptBot: Yet Another Silly Stealer (YASS)

Stealer

25.9.24

At CYFIRMA, we are dedicated to delivering timely insights into emerging threats and malicious tactics that pose risks to both organizations and individuals.

Keylogger

25.9.24

Poseidon Stealer Uses Sora AI Lure to Infect macOS

Stealer

25.9.24

Luxy: A Stealer and a Ransomware in one

Stealer

25.9.24

Gomorrah Stealer v5.1: An In-Depth Analysis of a .NET-Based Malware

Stealer

25.9.24

In August 2024, FortiGuard Labs observed a python infostealer we call Emansrepo that is distributed via emails that include fake purchase orders and invoices.

Stealer

25.9.24

BLX Stealer known also as XLABB Stealer is a malware variant initially discovered back last year. New activity attributed to this infostealer has been observed in the wild.

Stealer

25.9.24

Security Brief: Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware

RAT

25.9.24

Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool

Tool Exploit

25.9.24

Spyware Injection Into Your ChatGPT's Long-Term Memory (SpAIware)

Spyware AI

24.9.24

Octo2: European Banks Already Under Attack by New Malware Variant

Android

24.9.24

How the Necro Trojan infiltrated Google Play, again

TROJAN

23.9.24

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

RAT

19.9.24

Exotic SambaSpy is now dancing with Italian users

RAT

18.9.24

An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader

Backdoor

17.9.24

North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

CRYPTOCURRENCY

14.9.24

A new TrickMo saga: from Banking Trojan to Victim's Data Leak

Banking

14.9.24

Hadooken Malware Targets Weblogic Applications

Linux

13.9.24

Ajina attacks Central Asia: Story of an Uzbek Android Pandemic

Banking

13.9.24

Void captures over a million Android TV boxes

TV

13.9.24

Targeted Iranian Attacks Against Iraqi Government Infrastructure

ISS Backdoor

13.9.24

Targeted Iranian Attacks Against Iraqi Government Infrastructure

ISS Backdoor

9.9.24

WhisperGate is a multi-stage wiper designed to look like ransomware that has been used against multiple government, non-profit, ...

Wrapper

9.9.24

New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition

Android

9.9.24

Loki: a new private agent for the popular Mythic framework

Backdoor

9.9.24

TIDRONE Targets Military and Satellite Industries in Taiwan

Military Malware

8.9.24

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

Python

5.9.24

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion

Backdoor

5.9.24

Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant

Loader

5.9.24

Rocinante: The trojan horse that wanted to fly

Trojan

30.8.24

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool

Backdoor

30.8.24

APT Attack Case Analysis Report Using noMu Backdoor

Backdoor

28.8.24

HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat

MacOS

26.8.24

NGate Android malware relays NFC traffic to steal cash

Android

25.8.24

Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules

Linux

24.8.24

PEAKLIGHT: Decoding the Stealthy Memory-Only Malware

Downloader

23.8.24

From the Depths: Analyzing the Cthulhu Stealer Malware for macOS

MacOS

23.8.24

MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors

Backdoor

22.8.24

PG_MEM: A Malware Hidden in the Postgres Processes

CRYPTOCURRENCY

21.8.24

MoonPeak malware from North Korean actors unveils new details on attacker infrastructure

RAT

21.8.24

Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove

Stealer

21.8.24

TodoSwift Disguises Malware Download Behind Bitcoin PDF

MacOS

21.8.24

CharmingCypress: Innovating Persistence

Families

21.8.24

Meet UULoader: An Emerging and Evasive Malicious Installer.

Loader

21.8.24

Finding Malware: Unveiling NUMOZYLOD with Google Security Operations

Maas

16.8.24

SharpRhino – New Hunters International RAT Identified by Quorum Cyber

RAT

16.8.24

A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers

RAT

16.8.24

Update: Cuckoo Malware Evolves

MacOS

16.8.24

Beyond the wail: deconstructing the BANSHEE infostealer

MacOS

7.8.24

Cloud Cover: How Malicious Actors Are Leveraging Cloud Services

Backdoor

7.8.24

Chameleon is back in Canada and Europe

Mobil Trojan

6.8.24

LianSpy: new Android spyware targeting Russian users

Android

5.8.24

Bloody Wolf strikes organizations in Kazakhstan with STRRAT commercial malware

RAT

5.8.24

BlankBot - a new Android banking trojan with screen recording, keylogging and remote control capabilities

Android Banking

5.8.24

StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms

Backdoor

3.8.24

BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor

Backdoor

2.8.24

BingoMod: The new android RAT that steals money and wipes data

RAT

2.8.24

A trojan for Linux with a wide range of functions and the ability to be remotely controlled via a Telegram bot. The source code is written in Go and encrypted with RSA.

RAT

2.8.24

At the first stage, the dropper checks the parameters (arguments) used for its launch: this impacts the intermediate persistence stage.

RAT

2.8.24

Unmasking the SMS Stealer: Targeting Several Countries with Deceptive Apps

SMS

2.8.24

Mandrake spyware sneaks onto Google Play again, flying under the radar for two years

Spyware

2.8.24

Phishing targeting Polish SMBs continues via ModiLoader

Loader

27.7.24

Some simple PowerShell scripts might deliver nasty content if executed by the target. I found a very simple one (with a low VT score of 8/65):

Stealer

27.7.24

CrowdStrike’s Falcon agent caused downtime for millions of computers across the globe beginning July 19.

Wipper

25.7.24

ACR Stealer is an information stealer advertised by a threat actor operating under the pseudonym SheldIO, on Russian-speaking cybercrime forums.

Stealer

24.7.24

Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma

macOS

24.7.24

Impact of FrostyGoop ICS Malware on Connected OT Systems

ICS

23.7.24

Fake Browser Updates Lead to BOINC Volunteer Computing Software

Malware

20.7.24

‘AuKill’ EDR killer malware abuses Process Explorer driver

Tool

20.7.24

BugSleep is a backdoor designed to execute the threat actors’ commands and transfer files between the compromised machine and the C&C server.

Backdoor

19.7.24

A Comprehensive Look at the Updated Infection Chain of Ghost Emperor’s Demodex Rootkit.

Rootkit

19.7.24

OilAlpha Malicious Applications Target Humanitarian Aid Groups Operating in Yemen

Mobil App

18.7.24

HotPage: Story of a signed, vulnerable, ad-injecting driver

Adware

18.7.24

North Korean Hackers Update BeaverTail Malware to Target MacOS Users

Stealer

16.7.24

NEW BUGSLEEP BACKDOOR DEPLOYED IN RECENT MUDDYWATER CAMPAIGNS

Backdoor

15.7.24

How SYS01 Stealer Will Get Your Sensitive Facebook Info

Stealer

13.7.24

DarkGate: Dancing the Samba With Alluring Excel Files

RAT

11.7.24

DodgeBox: A deep dive into the updated arsenal of APT41 | Part 1

Loader

11.7.24

New Malware Campaign Targeting Spanish Language Victims

RAT

10.7.24

The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution

Malware

9.7.24

Lookout Discovers Houthi Surveillanceware Targeting Middle Eastern Militaries

Android

8.7.24

StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe

Stealer

8.7.24

Satanstealer is a new open source infostealing malware shared on GitHub.

Stealer

8.7.24

‘Poseidon’ Mac stealer distributed via Google ads

Stealer

8.7.24

0bj3ctivity is an infostealer variant first observed last year in campaigns targeting Italy.

Stealer

8.7.24

A new malware strain dubbed Neptune Stealer has been uncovered by researchers.

Stealer

8.7.24

Kematian-Stealer : A Deep Dive into a New Information Stealer

Stealer

8.7.24

Mekotio Banking Trojan Threatens Financial Systems in Latin America

Banking

5.7.24

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

Loader

4.7.24

MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems

Spyware

3.7.24

A Brief History of SmokeLoader, Part 2

Loader

3.7.24

A Brief History of SmokeLoader, Part 1

Loader

3.7.24

Exposing FakeBat loader: distribution methods and adversary infrastructure

Loader

3.7.24

Kimsuky Group's New Backdoor Appears (HappyDoor)

Backdoor

3.7.24

Xctdoor Malware Used in Attacks Against Korean Companies (Andariel)

Backdoor

1.7.24

CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts

Android

1.7.24

Beware of Snowblind: A new Android malware

Android

20.6.24

LevelBlue Labs Discovers Highly Evasive, New Loader Targeting Chinese Organizations

Loader

18.6.24

Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion

Loader

17.6.24

Ministry of Defence of the Netherlands uncovers COATHANGER,a stealthy Chinese FortiGate RAT

RAT

17.6.24

Backdoor BadSpace delivered by high-ranking infected websites

Backdoor

17.6.24

Botnet Installing NiceRAT Malware

RAT

15.6.24

DISGOMOJI Malware Used to Target Indian Government

Linux

15.6.24

Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale

Banking

14.6.24

In Bad Company: JScript RAT and CobaltStrike

RAT

14.6.24

Dissecting SSLoad Malware: A Comprehensive Technical Analysis

Loader

13.6.24

Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups

RAT

13.6.24

Dipping into Danger: The WARMCOOKIE backdoor

Backdoor

12.6.24

Technical Analysis of the Latest Variant of ValleyRAT

RAT

11.6.24

More_eggs Activity Persists Via Fake Job Applicant Lures

Backdoor

7.6.24

SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign

Stealer

7.6.24

Muhstik Malware Targets Message Queuing Services Applications

Trojan

6.6.24

BoxedApp products are general packers built on top of its SDK, which provides the ability to create Virtual Storage (Virtual File System, Virtual Registry),..

App

6.6.24

Russia-linked 'Lumma' crypto stealer now targets Python devs

Stealer

5.6.24

RAT

3.6.24

Fake Browser Updates delivering BitRAT and Lumma Stealer

Stealer

3.6.24

Fake Browser Updates delivering BitRAT and Lumma Stealer

RAT

30.5.24

AhMyth is malware that spreads through a few different infection vectors and uses various means to collect and exfiltrate sensitive information from infected devices.

Android

30.5.24

RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit

Cryptocurrency

30.5.24

PyPI crypto-stealer targets Windows users, revives malware campaign

Python

29.5.24

ALLASENHA: ALLAKORE VARIANT LEVERAGES AZURE CLOUD C2 TO STEAL BANKING DETAILS IN LATIN AMERICA

RAT

25.5.24

BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT,

RAT

25.5.24

Malware Transmutation! - Unveiling the Hidden Traces of BloodAlchemy

RAT

22.5.24

Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware

InfoStealer

21.5.24

No-Justice Wiper - Wiper attack on Albania by Iranian APT)

Wipper

21.5.24

Iranian State Actors Conduct Cyber Operations Against the Government of Albania

Wipper

20.5.24

The LATRODECTUS loader evolves to deliver ICEDID and other malware

Loader

20.5.24

Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns

Banking

18.5.24

Artificial Sweetener: SugarGh0st RAT Used to Target American Artificial Intelligence Experts

RAT

18.5.24

More than one legitimate software package was modified to deliver malware in North Korean group’s recent campaign against South Korean organizations.

Backdoor

16.5.24

ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs

APT

16.5.24

ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs

APT

11.5.24

zEus Stealer Distributed via Crafted Minecraft Source Pack

Stealer

10.5.24

Coper is a descendant of ExoBotCompat, which was a rewritten version of Exobot.

Android

8.5.24

HijackLoader (a.k.a. IDAT Loader) is a malware loader initially spotted in 2023 that is capable of using a variety of modules for code injection and execution.

Loader

7.5.24

Post-infection traffic triggers signatures for Win32/MetaStealer Related Activity from the EmergingThreats Pro (ETPRO) ruleset.

Stealer

7.5.24

CharmingCypress: Innovating Persistence

VBS

7.5.24

Technical Deep Dive: Understanding the Anatomy of a Cyber Intrusion

Python

6.5.24

Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware

Apple

3.5.24

Trojan

3.5.24

Backdoor

3.5.24

1.5.24

Trojan

27.4.24

Android

27.4.24

RAT

25.4.24

25.4.24

24.4.24

22.4.24

Stealer

19.4.24

Loader

19.4.24

VBA Macro

19.4.24

Backdoor

18.4.24

Android Banking

18.4.24

Backdoor

18.4.24

Backdoor

15.4.24

LightSpy Returns: Renewed Espionage Campaign Targets Southern Asia, Possibly India

ios

11.4.24

FUD Engine

11.4.24

RAT

10.4.24

Backdoor

9.4.24

Crypto

8.4.24

Latrodectus: This Spider Bytes Like Ice

Downloader

8.4.24

Bing ad for NordVPN leads to SecTopRAT

RAT

5.4.24

Stealer

5.4.24

Tool

5.4.24

infostealer

5.4.24

Stealer

5.4.24

RAT

5.4.24

Stealer

5.4.24

Stealer

5.4.24

Stealer

3.4.24

2.4.24

2.4.24

2.4.24

1.4.24

1.4.24

Android

31.3.24

The authors behind Android banking malware Vultur have been spotted adding new technical features, ...

Android

31.3.24

Infostealers continue to pose threat to macOS users

MacOS

30.3.24

Worm

30.3.24

28.3.24

27.3.24

27.3.24

RAT

Here, MUSKYBEAT refers to the in-memory dropper component, while STATICNOISE is the final payload / downloader.

Dropper

According to Mandiant, BEATDROP is a downloader written in C that uses Atlassian's project management service Trello for C&C.

Dropper

Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations

Spy

APT29 Uses WINELOADER to Target German Political Parties

Loader

Sign1 Malware: Analysis, Campaign History & Indicators of Compromise

JavaScript

Revenge RAT via malicious PPAM in Latin America, Portugal and Spain

RAT

Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries

RAT

Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023.

Loader

StrelaStealer malware steals email login data from well-known email clients and sends them back to the attacker’s C2 server.

Stealer

A MIPS ELF binary with wiper functionality used against Viasat KA-SAT modems.

Wipper

AcidPour | New Embedded Wiper Variant of AcidRain Appears in Ukraine

Wipper

AndroxGh0st is a Python-based malware designed to target Laravel applications.

Android

According to zscaler, PureCrypter is a fully-featured loader being sold since at least March 2021

Crypter

Unit 42 Collaborative Research With Ukraine’s Cyber Agency To Uncover the Smoke Loader Backdoor

Loader

WhiteSnake Stealer: Unveiling the Latest Version – Less Obfuscated, More Dangerous

Stealer

The GlorySprout or a Failed Clone of Taurus Stealer

Stealer

CoinMiner (KONO DIO DA) Distributed to Linux SSH Servers

CoinMiner

A MIPS ELF binary with wiper functionality used against Viasat KA-SAT modems.

Wiper

Enigma Software notes that NetSupport Manager is a genuine application, which was first released about twenty years ago.

RAT

APT37's ROKRAT HWP Object Linking and Embedding

RAT

Scalable Vector Graphics (SVG) files are a popular format for web graphics because they can be resized without losing quality.

Malware

From Delivery To Execution: An Evasive Azorult Campaign Smuggled Through Google Sites

Stealer

PowerShell script

Stealer

the malware was used previously in campaigns from July through August, and September 2023

Stealer

The government computer emergency response team of Ukraine CERT-UA detected a malicious document "Nuclear Terrorism A Very Real Threat.rtf", ...

JavaScript

X-Force’s analysis revealed that OCEANMAP has a strong overlap in both technique and .NET implementation.

Backdoor

Compromised Routers Are Still Leveraged as Malicious Infrastructure to Target Government Organizations in Europe and the Caucasus

Python

Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities.

Keylogger

RisePro stealer targets Github users in “gitgub” campaign

Stealer

Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled

Loader

Pelmeni Wrapper: New Wrapper of Kazuar (Turla Backdoor)

Wrapper

Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence

CyberSpy

zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware.

RAT

According to Subex Secure, CyberGate is a Remote Access Trojan (RAT) that allows an attacker to gain unauthorized access to the victim’s system.

RAT

Planet Stealer is a recently identified infostealing malware variant. This Go-based malware has been advertised for sale on underground forums.

Stealer

Latest DBatLoader Uses Driver Module to Disable AV/EDR Software

Loader

Tweaks Stealer Targets Roblox Users Through YouTube and Discord

Stealer

Unveiling Phemedrone Stealer: Threat Analysis and Detections

Stealer

According to ESET Research, Mispadu is an ambitious Latin American banking trojan that utilizes McDonald’s malvertising and extends its attack surface to web browsers.

Banking

First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, ...

Loader

PixPirate: The Brazilian financial malware you can’t see

Android

STRRAT is a Java-based RAT, which makes extensive use of plugins to provide full remote access to an attacker, as well as credential stealing, key logging and additional plugins.

RAT

Recently, FortiGuard Labs uncovered a phishing campaign that entices users to download a malicious Java downloader with ...

Java

RL has discovered a campaign using PyPI packages posing as open-source libraries to steal BIP39 mnemonic phrases, which are used for wallet recovery.

PyPI

FortiGuard Labs recently uncovered a threat actor employing a malicious PDF file to propagate the banking Trojan CHAVECLOAK.

Banking

Backdoor

My Tea’s not cold. An overview of China’s cyber threat

Bot

In this Threat Analysis Report, Cybereason Security Services dives into the Python Infostealer, ...

InfoStealer

AhnLab Security intelligence Center (ASEC) has recently discovered the distribution of backdoor malware via aNotepad, a free online notepad platform.

RAT

The malware has been released on github at https://github.com/EVLF/Cypher-Rat-Source-Code

RAT

According to PcRisk, Research shows that the OceanLotus 'backdoor' targets MacOS computers.

OSX

TODDLERSHARK: ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant

VBS

GUloader Unmasked: Decrypting the Threat of Malicious SVG Files

Loader

The Art of Domain Deception: Bifrost's New Tactic to Deceive Users

RAT

GTPDOOR - A novel backdoor tailored for covert access over the roaming exchange

Backdoor

European diplomats targeted by SPIKEDWINE with WINELOADER

Loader

A custom backdoor written in C++ capable of file exfiltration and upload, command execution, and more. Communicates using Azure cloud infrastructure.

Backdoor

A custom backdoor that provides a more flexible code-execution interface and enhanced reconnaissance features compared to MINIBIKE

Backdoor

A tunneler, likely based on an open-source Socks4a proxy, that communicates using Azure cloud infrastructure

Backdoor

Pony (also known as Fareit or Siplog) is a malware categorized as a loader and stealer, although it is also used as a botnet, being a tool that has been used for..

Stealer

New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group

Backdoor

When Stealers Converge: New Variant of Atomic Stealer in the Wild

Stealer

According to ESET Research, Mispadu is an ambitious Latin American banking trojan that utilizes McDonald’s malvertising and extends its attack surface to web browsers.

Banking

Modular malware framework targeting SOHO network devices

Linux

Compromised Routers Are Still Leveraged as Malicious Infrastructure to Target Government Organizations in Europe and the Caucasus

Loader

Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT’s Variant)

RAT

Unveiling UAC-0184: The Steganography Saga of the IDAT Loader Delivering Remcos RAT to a Ukraine Entity in Finland

Loader

DarkVNC is a hidden utility based on the Virtual Network Computing (VNC) technology, initially promoted on an Exploit forum in 2016.

Stealer

We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.

RAT

We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.

RAT

Ousaban: LATAM Banking Malware Abusing Cloud Services

Banking

Tweet on recent Mekotio Banker campaign

Banking

First spotted in the wild in 2017, Astaroth is a highly prevalent, information-stealing Latin American banking trojan. It is written in Delphi and has some innovative...

Banking

SSH-Snake: New Self-Modifying Worm Threatens Networks

Worm

To Russia With Love: Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer

RAT

Mustang Panda’s PlugX new variant targetting Taiwanese government and diplomats

Stealer

Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses

Stealer

Migo - a Redis Miner with Novel System Weakening Techniques

Miner

Sysjoker is a backdoor malware that was first discovered in December 2021 by Intezer.

Backdoor

According to Security Joes, this malware is an x64 ELF executable, lacking obfuscation or protective measures.

Wipper

Anatsa Trojan Returns: Targeting Europe and Expanding Its Reach

Android

Through its managed security services offerings, Volexity routinely identifies spear-phishing campaigns targeting its customers.

Backdoor

Raccoon Stealer v2 – Part 1: The return of the dead

Stealer

An info stealer is malicious software (malware) that seeks to steal private data from a compromised device, including passwords, cookies, autofill information from browsers,
and cryptocurrency wallet information.

Stealer

According to CERT-UA, this malware makes use of XSLT (Extensible Stylesheet Language Transformations) and COM-hijacking.

Backdoor

TinyTurla Next Generation - Turla APT spies on Polish NGOs

Backdoor

Group-IB uncovers the first iOS Trojan harvesting facial recognition data used for unauthorized access to bank accounts. The GoldDigger family grows

iOS

This malware is delivered by an ISO file, with an DLL inside with a custom loader. Because of the unique user-agent "bumblebee" this malware was dubbed BUMBLEBEE.

Loader

CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day

Loader

Diving Into Glupteba's UEFI Bootkit

Bootkit

Pikabot is a malware loader that originally emerged in early 2023. Over the past year, ThreatLabz has been tracking the development of Pikabot and its modus operandi.

Loader

Ivanti Connect Secure: Journey to the core of the DSLog backdoor

Backdoor

New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group

macOS

The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT.

RAT

New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group

Backdoor

RASPBERRY ROBIN KEEPS RIDING THE WAVE OF ENDLESS 1-DAYS

Worm

MoqHao evolution: New variants start automatically right after installation

Android

Coyote: A multi-stage banking Trojan abusing the Squirrel installer

Banking

New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization

Backdoor

HijackLoader Expands Techniques to Improve Defense Evasion

Loader

Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer

Stealer

According to Mandiant, this malware family is attributed to potential chinese background and its Linux variant is related to exploitation of Fortinet's SSL-VPN (CVE-2022-42475).

Backdoor

According to Mandiant, this malware family is attributed to potential chinese background and directly related to observed exploitation of Fortinet's SSL-VPN (CVE-2022-42475).

ELF

Successful exploitation of the flaw paved the way for the deployment of a backdoor dubbed COATHANGER from an actor-controlled server that's designed to..

RAT

CrackedCantil: A Malware Symphony Breakdown

Stealer

Facebook Advertising Spreads Novel Malware Variant

Stealer

A Spyware Vendor Seemingly Made a Fake WhatsApp to Hack Targets

Spyware

Skygofree: Following in the footsteps of HackingTeam

Android

ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group

RAT

New spyware attacks exposed: civil society targeted in Jordan

Spyware

This report aims to detail the functioning of a malware used by FIN7 since 2021, named DiceLoader (also known Icebot), ....

Loader

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

Stealer

Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019

Stealer

ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware

Backdoor

Securonix Threat Research Security Advisory: Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor

Backdoor

We discuss proof-of-concept rootkits and malware used by cybercriminals in conjunction with Berkeley Packet Filtering (BPF), ....

Rootkit

HeadCrab 2.0: Evolving Threat in Redis Malware Landscape

Backdoor

Evolution of UNC4990: Uncovering USB Malware's Hidden Depths

Python

Mandiant has observed UNC4990 leverage EMPTYSPACE (also known as VETTA Loader and BrokerLoader),...

Backdoor

KRUSTYLOADER - RUST MALWARE LINKED TO IVANTI CONNECTSECURE COMPROMISES

Loader

Banking

Stealer

Stealer

Trojan

Backdoor

Trojan

RAT

GO base

RAT

Cryptomining

Python

VBS

OSX

Android

RAT

Stealer

12.1.24

Linux

11.1.24

osx

11.1.24

Bot

10.1.24

Loader

9.1.24

Stealer

9.1.24

RAT

6.1.24

macOS

6.1.24

Wipper

5.1.24

5.1.24

3.1.24

3.1.24

1.1.24

1.1.24