Malware - 2023 (634)

DATE | NAME | CATEGORY | SUBC | DESCRIPTION |
--- | --- | --- | --- | --- |
9.1.24 | Lumma Stealer | Malware | Stealer | Deceptive Cracked Software Spreads Lumma Variant on YouTube |
9.1.24 | Silver RAT | Malware | RAT | A GAMER TURNED MALWARE DEVELOPER: DIVING INTO SILVERRAT AND ITS SYRIAN ROOTS |
6.1.24 | SpectralBlur | Malware | macOS | Today will be a quick post on a TA444 (aka Sapphire Sleet, BLUENOROFF, STARDUST CHOLLIMA) Mach-O family tracked as SpectralBlur that we found in August, and how finding it led us to stumble upon an early iteration of KANDYKORN (aka SockRacket). Please read Elastic’s EXCELLENT piece on that family. |
6.1.24 | No-Justice | Malware | Wiper | Wiper attack on Albania by Iranian APT |
5.1.24 | Bandook RAT | Malware | RAT | Bandook - A Persistent Threat That Keeps Evolving |
5.1.24 | Remcos RAT | Malware | RAT | Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion |
3.1.24 | WhiteSnake Stealer | Malware | Stealer | WhiteSnake Stealer malware sample on MalwareBazaar |
3.1.24 | RisePro |  | Stealer | RisePro is a stealer that is spread through downloaders like win.privateloader. Once executed on a system, the malware can steal credit card information, passwords, and personal data. |
1.1.24 |  |  | Stealer | On Christmas Eve, Resecurity's HUNTER (HUMINT) spotted that the author of the Meduza password stealer had released a new version (2.2). |
1.1.24 |  |  | Stealer | Jinx – Malware 2.0: We know it’s big, we measured it! |
29.12.23 |  |  | Banking | TinyNuke (aka Nuclear Bot) is a fully-fledged banking trojan including a HiddenDesktop/VNC server and a reverse SOCKS4 server. It was for sale on underground marketplaces for $2500 in 2016. |
29.12.23 |  |  | Loader | Kimsuky Attack Group Abusing Chrome Remote Desktop |
29.12.23 |  |  | Loader | According to Rapid7, this is a loader first spotted in July 2023. It implements several evasion techniques including Process Doppelgänging, DLL Search Order Hijacking, and Heaven's Gate. It has been observed to store its malicious payload in the IDAT chunk of the PNG file format. |
29.12.23 |  |  | Loader | FakeBat, also known as EugenLoader, is a notorious software loader and distributor that has come to the forefront of the cyber threat landscape. FakeBat has been associated with malvertising campaigns since at least November 2022. |
29.12.23 |  |  | Downloader | First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. DarkGate makes use of legitimate AutoIt files and typically runs multiple AutoIt scripts. New versions of DarkGate have been advertised on a Russian-language eCrime forum since May 2023. |
29.12.23 |  |  | RAT | SectopRAT, aka ArechClient2, is a .NET RAT with numerous capabilities including multiple stealth functions. ArechClient2 can profile victim systems, steal information such as browser and crypto-wallet data, and launch a hidden secondary desktop to control browser sessions. Additionally, it has several anti-VM and anti-emulator capabilities. |
29.12.23 |  |  | RAT | According to Proofpoint, FlawedGrace is written in C++ and can be categorized as a Remote Access Trojan (RAT). It seems to have been developed mainly in the second half of 2017. |
29.12.23 |  |  | Loader | According to PCrisk, BATLOADER is part of the infection chain where it is used to perform the initial compromise. This malware is used to execute payloads like Ursnif. Our team discovered BATLOADER after executing installers for legitimate software (such as Zoom, TeamViewer, Visual Studio) bundled with this malware. We found those installers on compromised websites. |
28.12.23 |  |  | Dropper | This is not being detected by ESET, but ESET is picking it up through Advanced Memory Scanner after being run, because it came through Skype as a 1.5 MB shortcut .pif. I kept a copy of it inside a password-protected archive. I also sent the shortcut for analysis through right-click and "submit for analysis". |
28.12.23 |  |  | Stealer | This malware is a successor to Raccoon Stealer (also referred to as Raccoon Stealer 2.0), which is however a full rewrite in C/C++. |
28.12.23 |  |  | Backdoor | This threat can give a malicious hacker unauthorized access to and control of your PC. |
27.12.23 | SALTWATER | Malware | Linux | According to Mandiant, SALTWATER is a module for the Barracuda SMTP daemon (bsmtpd) that has backdoor functionality. SALTWATER can upload or download arbitrary files, execute commands, and has proxy and tunneling capabilities. |
27.12.23 | SEASPY | Malware | Linux | According to CISA, this malware is a persistent backdoor that masquerades as a legitimate Barracuda Networks service. The malware is designed to listen for commands received from the threat actor’s command-and-control server through TCP packets. |
27.12.23 | Android/Xamalicious | Malware | Android | Stealth Backdoor “Android/Xamalicious” Actively Infecting Devices |
26.12.23 | Carbanak | Malware | Banking | MyCERT states that Carbanak is a remote backdoor designed for espionage, data exfiltration, and remote control. |
24.12.23 | IceXLoader | Malware | Loader | IceXLoader is a commercial malware used to download and deploy additional malware on infected machines. The latest version is written in Nim, a relatively new language utilized by threat actors over the past two years, most notably by the NimzaLoader variant of BazarLoader used by the TrickBot group. |
24.12.23 | BazarNimrod | Malware | RAT | A rewrite of BazarLoader in the Nim programming language. |
24.12.23 | LONEPAGE | Malware | VBS | UAC-0099 Exploits WinRAR Vulnerability to Launch LONEPAGE Malware Attacks on Ukrainian Firms |
24.12.23 | FalseFont | Malware | Backdoor | Microsoft: Hackers target defense firms with new FalseFont malware |
24.12.23 | Intellexa | Malware | Spyware | Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware |
24.12.23 | Chameleon | Malware | Android | Android Banking Trojan Chameleon can now bypass any Biometric Authentication |
24.12.23 | Agent Tesla | Malware | Stealer | A .NET-based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard, and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or to a Telegram channel. |
21.12.23 | JaskaGO | Malware | macOS | Behind the scenes: JaskaGO’s coordinated strike on macOS and Windows |
19.12.23 | Pikabot | Malware | Trojan | Discovered in early 2023, the modular Pikabot malware trojan can execute a diverse range of commands. |
19.12.23 | SLUB | Malware | Backdoor | Who is the Threat Actor Behind Operation Earth Kitsune? |
19.12.23 | Rhadamanthys | Malware | Stealer | RHADAMANTHYS V0.5.0 – A DEEP DIVE INTO THE STEALER’S COMPONENTS |
19.12.23 | QakBot | Malware | Stealer | #Qakbot is back! The new version is 64-bit, uses AES for network encryption, and sends POST requests to the path /teorema505. |
15.12.23 | NKAbuse | Malware | Backdoor | Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol |
15.12.23 | W4SP Stealer | Malware | Stealer | The final payload is a Trojan written in Python and obfuscated with the same obfuscator as the downloader. The malware is dubbed “W4SP Stealer” by its author in the code. |
14.12.23 | OilRig | Malware | Downloader | OilRig’s persistent attacks using cloud service-powered downloaders |
14.12.23 | Micropsia | Malware | Stealer | This malware, written in Delphi, is an information-stealing malware family dubbed "MICROPSIA". It has a wide range of data theft functionality built in. |
14.12.23 | DarkCrystalRAT | Malware | RAT | DCRat is a typical RAT that has been around since at least June 2019. |
14.12.23 | VaporRage | Malware | Downloader | According to Mandiant, VaporRage, or BOOMMIC, is a shellcode downloader written in C that communicates over HTTPS. |
14.12.23 | GraphicalProton | Malware | Downloader | PANW Unit 42 describes this malware as capable of uploading and downloading files as well as loading additional shellcode payloads into selected target processes. It uses the Microsoft Graph API and Dropbox API as C&C channels. |
14.12.23 | More_eggs | Malware | JS | BazarCall Attack Leverages Google Forms to Increase Perceived Credibility |
13.12.23 | Meduza Stealer | Malware | Stealer | UAC-0050 mass cyberattack using RemcosRAT/MeduzaStealer against Ukraine and Poland (CERT-UA#8218) |
13.12.23 | HeadLace | Malware | Backdoor | ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware |
12.12.23 | MrAnon Stealer | Malware | Stealer | MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF |
11.12.23 | KEYPLUG | Malware | Linux | With KEYPLUG, China’s RedGolf Spies On, Steals From Wide Field of Targets |
11.12.23 | TrickMo | Malware | Banking | TrickMo’s Return: Banking Trojan Resurgence With New Features |
11.12.23 | SpyLoan | Malware | Android | Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths |
9.12.23 | GULOADER | Malware | Downloader | Getting gooey with GULOADER: deobfuscating the downloader |
9.12.23 | Trojan-Proxy | Malware | Trojan Proxy | New macOS Trojan-Proxy piggybacking on cracked software |
7.12.23 | Krasue | Malware | RAT | Curse of the Krasue: New Linux Remote Access Trojan targets Thailand |
5.12.23 | P2Pinfect | Malware | Botnet | P2Pinfect - New Variant Targets MIPS Devices |
2.12.23 | Agent Racoon | Malware | Backdoor | Organizations in the Middle East, Africa, and the U.S. have been targeted by an unknown threat actor to distribute a new backdoor called Agent Racoon. |
1.12.23 | FjordPhantom | Malware | Android | Promon discovers new Android banking malware, “FjordPhantom” |
1.12.23 | SugarGh0st RAT | Malware | RAT | New SugarGh0st RAT targets Uzbekistan government and South Korea |
1.12.23 | Ghost RAT | Malware | RAT | According to Security Ninja, Gh0st RAT (Remote Access Terminal) is a trojan “Remote Access Tool” used on Windows platforms, and has been used to hack into some of the most sensitive computer networks on Earth. |
29.11.23 | GCleaner | Malware | Malware | Deep Analysis of GCleaner |
29.11.23 | Fabookie | Malware | Loader | Loader Galore - TaskLoader at the start of a Pay-per-Install Infection Chain |
29.11.23 | Amadey | Malware | Backdoor | Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. |
29.11.23 | PrivateLoader | Malware | Loader | According to Sekoia, PrivateLoader is a modular malware whose main capability is to download and execute one or several payloads. |
29.11.23 | SmokeLoader | Malware | Backdoor | The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. |
28.11.23 | KANDYKORN | Malware | macOS | Elastic catches DPRK passing out KANDYKORN |
28.11.23 | RustBucket | Malware | macOS | BlueNoroff: How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection |
28.11.23 | Tiger RAT | Malware | RAT | This is the third-stage backdoor mentioned in the Kaspersky blog "Andariel evolves to target South Korea with ransomware". The third-stage payload was created via the second-stage payload, is interactively executed in the operation, and exists in both x64 and x86 versions. |
25.11.23 | SYSJOKER | Malware | Backdoor | ISRAEL-HAMAS WAR SPOTLIGHT: SHAKING THE RUST OFF SYSJOKER |
25.11.23 | Konni | Malware | RAT | Konni is a remote administration tool, observed in the wild since early 2014. |
25.11.23 | WailingCrab | Malware | Loader | Stealthy WailingCrab Malware misuses MQTT Messaging Protocol |
22.11.23 | Atomic Stealer | Malware | Mac | Atomic Stealer distributed to Mac users via fake browser updates |
22.11.23 | Agent Tesla | Malware | Stealer | New "Agent Tesla" Variant: Unusual "ZPAQ" Archive Format Delivers Malware |
22.11.23 | Kinsing | Malware | Linux | CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits |
21.11.23 |  |  | Android | Enchant malware uses the Accessibility Service feature to target specific cryptocurrency wallets, including imToken, OKX, Bitpie Wallet, and TokenPocket wallet. |
21.11.23 |  |  | Backdoor | My Tea’s not cold. An overview of China’s cyber threat |
21.11.23 |  |  | Dropper | Popping Blisters for research: An overview of past payloads and exploring recent developments |
21.11.23 |  |  | Loader | According to Rapid7, this is a loader first spotted in July 2023. It implements several evasion techniques including Process Doppelgänging, DLL Search Order Hijacking, and Heaven's Gate. IDAT loader got its name because the threat actor stores the malicious payload in the IDAT chunk of the PNG file format. |
21.11.23 |  |  | Banking | QBot is a modular information stealer also known as Qakbot or Pinkslipbot. It has been active since 2007. It has historically been known as a banking Trojan, meaning that it steals financial data from infected systems, and as a loader using C2 servers for payload targeting and download. |
21.11.23 |  |  | Downloader | Introducing Pikabot, an emerging malware family that comprises a downloader/installer, a loader, and a core backdoor component. Despite being in the early stages of development, it already demonstrates advanced techniques in evasion, injection, and anti-analysis. |
21.11.23 |  |  | Downloader | First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. |
20.11.23 | Sayler RAT | Malware | RAT | New Java-Based Sayler RAT Targets Polish Speaking Users |
20.11.23 | Predator AI | Malware | Infostealer | Predator AI: ChatGPT-Powered Infostealer Takes Aim at Cloud Platforms |
20.11.23 | Trap Stealer | Malware | Stealer | New Open-Source ‘Trap Stealer’ Pilfers Data in just 6 Seconds |
20.11.23 | BbyStealer | Malware | Stealer | BbyStealer Malware Resurfaces, Sets Sights on VPN Users |
20.11.23 | LummaC2 | Malware | Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in the C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. |
18.11.23 |  |  | Backdoor | Most of the group’s Phobos variants are distributed by SmokeLoader, a backdoor trojan. This commodity loader typically drops or downloads additional payloads when deployed. |
18.11.23 |  |  | Worm | MALWARE SPOTLIGHT – INTO THE TRASH: ANALYZING LITTERDRIFTER |
17.11.23 |  |  | RAT | Information stealer which uses AutoIt for wrapping. |
16.11.23 |  |  | RAT | BlueShell malware used in APT attacks targeting Korea and Thailand |
14.11.23 |  |  | Linux | Linux DDoS C&C Malware |
14.11.23 |  |  | Downloader | TA402 Uses Complex IronWind Infection Chains to Target Middle East-Based Government Entities |
14.11.23 |  |  | Stealer | According to Tony Lambert, this is a malware written in .NET. It was observed to be delivered using the .NET Single File deployment feature. |
13.11.23 |  |  | Wiper | According to Security Joes, this malware is an x64 ELF executable, lacking obfuscation or protective measures. It allows attackers to specify target folders and can potentially destroy an entire operating system if run with root permissions. |
11.11.23 |  |  | Wiper | CaddyWiper is another destructive malware believed to be deployed to target Ukraine. |
11.11.23 | Effluence | Malware | Backdoor | Detecting “Effluence”, An Unauthenticated Confluence Web Shell |
11.11.23 | Kamran | Malware | Android | Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan |
11.11.23 | FakeBat | Malware | Loader | FakeBat (also known as EugenLoader) is a malicious software loader and dropper that has emerged as a significant player in the world of cyber threats. FakeBat has been associated with malvertising campaigns since at least November 2022. |
9.11.23 | BlazeStealer | Malware | Python | In the realm of software development, open-source tools and packages play a pivotal role in simplifying tasks and accelerating development processes. Yet, as the community grows, so does the number of bad actors looking to exploit it. A recent example involves developers being targeted by seemingly legitimate Python obfuscation packages that harbor malicious code. |
9.11.23 | ObjCShellz | Malware | MacOS | Jamf Threat Labs discovered a new later-stage malware variant from BlueNoroff that shares characteristics with their RustBucket campaign. Read this blog to learn more about this malware and view the indicators of compromise. |
9.11.23 | GootBot | Malware | Bot | GootBot – Gootloader’s new approach to post-exploitation |
9.11.23 | GootLoader | Malware | JS | According to PCrisk, they discovered GootLoader malware while examining legitimate but compromised websites (mainly websites managed using WordPress). It was found that GootLoader is used to infect computers with additional malware. Cybercriminals using GootLoader seek to trick users into unknowingly downloading and executing the malware by disguising it as a document or other file. |
9.11.23 | Action RAT | Malware | RAT | Double Action, Triple Infection, and a New RAT: SideCopy’s Persistent Targeting of Indian Defence |
9.11.23 | AllaKore | Malware | RAT | AllaKore is a simple Remote Access Tool written in Delphi, first observed in 2015 but still in early stages of development. It implements the RFB protocol which uses frame buffers and thus is able to send back only the changes of screen frames to the controller, speeding up the transport and visualization control. |
7.11.23 | Jupyter | Malware | Infostealer | An updated version of an information stealer malware known as Jupyter has resurfaced with "simple yet impactful changes" that aim to stealthily establish a persistent foothold on compromised systems. |
6.11.23 | SecuriDropper | Malware | Android | Droppers are a specific category of malware whose main purpose is to install a payload on an infected device. |
6.11.23 | Google Calendar RAT | Malware | RAT | The Rising Threat of Covert Cyber Attacks through Google Calendar |
4.11.23 | StripedFly | Malware | Crypto | It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. |
3.11.23 | NodeStealer | Malware | Stealer | NodeStealer attacks on Facebook take a provocative turn – threat actors deploy malvertising campaigns to hijack users’ accounts |
3.11.23 | CanesSpy | Malware | Spyware | Cybersecurity researchers have unearthed a number of WhatsApp mods for Android that come fitted with a spyware module dubbed CanesSpy. |
2.11.23 | Mozi | Malware | Linux | P2P Botnets: Review - Status - Continuous Monitoring |
1.11.23 | WINTAPIX | Malware | Backdoor | WINTAPIX: A New Kernel Driver Targeting Countries in The Middle East |
1.11.23 | LIONTAIL | Malware | Stealer | FROM ALBANIA TO THE MIDDLE EAST: THE SCARRED MANTICORE IS LISTENING |
1.11.23 | RustBucket | Malware | Trojan | Bluenoroff’s RustBucket campaign |
1.11.23 | RustBucket | Malware | OSX | BlueNoroff: How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection |
1.11.23 | KANDYKORN | Malware | macOS | Elastic Security Labs exposes an attempt by the DPRK to infect blockchain engineers with novel macOS malware. |
1.11.23 | Kazuar | Malware | Backdoor | Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla) |
1.11.23 | AridViper | Malware | Android | Arid Viper disguising mobile spyware as updates for non-malicious Android applications |
28.10.23 | StripedFly |  | Linux | It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. |
28.10.23 | LPEClient |  | Stealer | LPEClient is an HTTP(S) downloader that expects two command line parameters: an encrypted string containing two URLs (a primary and a secondary C&C server), and the path on the victim's file system to store the downloaded payload. |
28.10.23 | SIGNBT |  | Inject | The exploitation led to the deployment of the SIGNBT malware along with shellcode used for injecting the payload into memory for stealthy execution. |
27.10.23 |  |  | Loader | Yellow Liderc ships its scripts and delivers IMAPLoader malware |
27.10.23 |  |  | RAT | Securonix Security Advisory: Python-Based PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets to Avoid Detection |
27.10.23 |  |  | RAT | In this course, you will learn exfiltration over an alternative protocol: exfiltration over an unencrypted/obfuscated non-C2 protocol using a PowerShell RAT. |
27.10.23 |  |  | Injector | Trojan.Injector is Malwarebytes' generic detection name for malware that injects itself into other processes or files. This is an effective method to hide from the average user, as they will only see the regular active processes. |
27.10.23 |  |  | Stealer | Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware |
21.10.23 | LOBSHOT | Malware | Stealer | According to PCrisk, LOBSHOT is a type of malware with a feature called hVNC (Hidden Virtual Network Computing) that allows attackers to access a victim's computer without being noticed. |
21.10.23 | DarkGate | Malware | Loader | First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. |
21.10.23 | DUCKTAIL | Malware | Stealer | According to Tony Lambert, this is a malware written in .NET. It was observed to be delivered using the .NET Single File deployment feature. |
20.10.23 | ExelaStealer | Malware | Stealer | Another InfoStealer Enters the Field, ExelaStealer |
20.10.23 | Scout | Malware | Downloader | A downloader that uses Windows messages to control its execution flow. |
20.10.23 | Volgmer | Malware | Backdoor | Analysis Report on Lazarus Threat Group’s Volgmer and Scout Malware |
20.10.23 | RokRAT | Malware | RAT | It is a backdoor commonly distributed as an encoded binary file downloaded and decrypted by shellcode following the exploitation of weaponized documents. |
20.10.23 | Bankshot | Malware | Backdoor | Following the Lazarus group by tracking DeathNote campaign |
20.10.23 | LPEClient | Malware | Downloader | LPEClient is an HTTP(S) downloader that expects two command line parameters: an encrypted string containing two URLs (a primary and a secondary C&C server), and the path on the victim's file system to store the downloaded payload. |
19.10.23 | Venom RAT | Malware | RAT | VenomRAT - new, hackforums grade, reincarnation of QuassarRAT |
19.10.23 | Typhon Stealer | Malware | Stealer | According to PCrisk, Typhon is a stealer-type malware written in the C# programming language. |
19.10.23 | Stealerium | Malware | Stealer | According to SecurityScorecard, Stealerium is an open-source stealer available on GitHub. The malware steals information from browsers, cryptocurrency wallets, and applications such as Discord, Pidgin, Outlook, Telegram, Skype, Element, Signal, Tox, Steam, Minecraft, and VPN clients. |
17.10.23 | Poseidon | Malware | Linux | Part of Mythic C2, written in Golang. |
17.10.23 | Poseidon | Malware | OSX | Part of Mythic C2, written in Golang. |
16.10.23 |  |  | Android | The malware has been released on GitHub at https://github.com/EVLF/Cypher-Rat-Source-Code |
16.10.23 |  |  | RAT | According to ThreatFabric, this is a malware family based on apk.ermac. The name Hook is the name self-advertised by its vendor DukeEugene. |
16.10.23 |  |  | Loader | HijackLoader Targets Hotels: A Technical Analysis |
16.10.23 |  |  | APPX file | For Microsoft Edge’s visitors, ClearFake delivered a malicious Windows Application Packaging Project (APPX file) from Dropbox. |
16.10.23 |  |  | Loader | Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers |
14.10.23 |  |  | RAT | Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where Cuba ransomware was also deployed. |
13.10.23 |  |  | Stealer | First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. |
13.10.23 |  |  | RAT | Phylum Discovers SeroXen RAT in Typosquatted NuGet Package |
13.10.23 |  |  | Stealer | This malware is a successor to Raccoon Stealer (also referred to as Raccoon Stealer 2.0), which is however a full rewrite in C/C++. |
13.10.23 |  |  | Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in the C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. |
13.10.23 |  |  | Linux | ShellBot DDoS Malware Installed Through Hexadecimal Notation Addresses |
12.10.23 | BlueShell | Malware | Backdoor | According to AhnLab, BlueShell is a backdoor malware developed in Go language, published on Github, and it supports Windows, Linux, and Mac operating systems. |
12.10.23 | Balada Injector | Malware | Injector | Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins |
10.10.23 | PEACHPIT | Malware | MultiOS | PEACHPIT is an ad fraud branch that comes from the root of the BADBOX tree. |
8.10.23 | HyperBro | Malware | RAT | HyperBro is a RAT that has been observed to target primarily within the gambling industries, though it has been spotted in other places as well. |
5.10.23 |  |  | Bot | According to PCrisk, Lu0bot is malicious software. The malware is lightweight, so its use of system resources is low. This complicates the detection of Lu0bot, since it does not cause significant symptoms such as a severe drop in system performance. |
5.10.23 |  |  | RAT | DinodasRAT uses TEA to decrypt some of its strings, as well as to encrypt/decrypt data sent to, or received from, its C&C server. |
5.10.23 |  |  | Android | Let's dig deeper: dissecting the new Android Trojan GoldDigger with Group-IB Fraud Matrix |
5.10.23 |  |  | iOS | iOS exploit chain deploys LightSpy feature-rich malware |
5.10.23 |  |  | Android | Lookout Attributes Advanced Android Surveillanceware to Chinese Espionage Group APT41 |
5.10.23 |  |  | RAT | SeroXen is a fileless Remote Access Trojan (RAT) that excels in evading detection through both static and dynamic analysis methods. |
5.10.23 |  |  | Rootkit | According to the author, r77 is a ring 3 rootkit that hides everything: files and directories; processes and CPU usage; registry keys and values; services; TCP and UDP connections; junctions, named pipes, and scheduled tasks. |
3.10.23 |  |  | Stealer | The report delves into the intricate workings of “The-Murk-Stealer,” a malicious tool that can discreetly infiltrate systems to collect sensitive information. |
3.10.23 |  |  | Stealer | Agniane Stealer fraudulently takes credentials, system information, and session details from browsers, tokens, and file transfer tools. |
3.10.23 |  |  | Dropper | One of the most exciting aspects of malware analysis is coming across a family that is new or rare to the reversing community. |
3.10.23 |  |  | Loader | BunnyLoader, the newest Malware-as-a-Service |
3.10.23 |  |  | Android | According to Cyware, Zanubis malware pretends to be a malicious PDF application. The threat actor uses it as a key to decrypt responses received from the C2 server. |
1.10.23 | SideTwist | Malware | Backdoor | APT34 Unleashes New Wave of Phishing Attack with Variant of SideTwist Trojan |
1.10.23 | Flagpro | Malware | Backdoor | According to PICUS, Flagpro is malware that collects information from the victim and executes commands in the victim’s environment. It targets Japan, Taiwan, and English-speaking countries. When a victim is infected with Flagpro malware, the malware can do the following: |
1.10.23 | ASMCrypt | Malware | Crypt | As long as cybercriminals want to make money, they’ll keep making malware, and as long as they keep making malware, we’ll keep analyzing it, publishing reports and providing protection. |
30.9.23 | AtlasAgent | Malware | Trojan | AtlasAgent used in this attack activity is Trojan horse program developed by AtlasCross. |
30.9.23 | DangerAds | Malware | Trojan | This is a loader Trojan used by AtlasCross in this activity. |
30.9.23 | ZenRAT | Malware | RAT | Proofpoint identified a new malware called ZenRAT being distributed via fake installation packages of the password manager Bitwarden. |
30.9.23 | Xenomorph | Malware | Android RAT | Xenomorph is an Android Banking RAT developed by the Hadoken.Security actor. |
30.9.23 | AndroRAT | Malware | Android RAT | Androrat is a remote administration tool developed in Java Android for the client side and in Java/Swing for the Server. |
30.9.23 | Gh0stCringe | Malware | RAT | Gh0stCringe RAT Being Distributed to Vulnerable Database Servers |
30.9.23 | China Chopper | Malware | RAT | China Chopper is a Web Shell hosted on Web servers to provide access back into an enterprise network that does not rely on an infected system calling back to a remote command and control server. It has been used by several threat groups. |
30.9.23 | Impacket | Malware | Tool | Impacket is an open source collection of modules written in Python for programmatically constructing and manipulating network protocols |
30.9.23 | Mimikatz | Malware | Tool | What if we were to tell you that there was a magical tool that could greatly simplify the discovery and pillaging of credentials from Windows-based hosts. |
30.9.23 | AdFind | Malware | Tool | AdFind is a free command-line query tool that can be used for gathering information from Active Directory. |
30.9.23 | TONESHELL | Malware | Backdoor | My Tea’s not cold. An overview of China’s cyber threat |
24.9.23 | Deadglyph | Malware | Backdoor | Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics |
23.9.23 | Predator | Malware | Apple Spyware | Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s Predator spyware via links sent on SMS and WhatsApp. |
23.9.23 | BBtok | Malware | Banking | 360 Security Center describes BBtok as a banking trojan targeting Mexico. |
22.9.23 | P2PInfect | Malware | P2P Worm | "This increase in P2PInfect traffic has coincided with a growing number of variants seen in the wild, suggesting that the malware's developers are operating at an extremely high development cadence," |
22.9.23 | Venom RAT | Malware | RAT | Attack Activities by Quasar Family |
20.9.23 | ValleyRAT | Malware | RAT | In March 2023, Proofpoint identified a new malware we dubbed ValleyRAT. |
19.9.23 | ShroudedSnooper | Malware | Backdoor | Telecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a stealthy backdoor called HTTPSnoop. |
19.9.23 | XWorm | Malware | RAT | Malware with a wide range of capabilities, ranging from RAT to ransomware. |
19.9.23 | SprySOCKS | Malware | Linux | Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement |
19.9.23 | CapraRAT | Malware | RAT | According to PCrisk, CapraRAT is the name of an Android remote access trojan (RAT), possibly a modified version of another (open-source) RAT called AndroRAT. |
19.9.23 | Hook | Malware | Android | According to ThreatFabric, this is a malware family based on apk.ermac. The name Hook is the self-advertised name used by its vendor DukeEugene. It provides WebSocket communication and has RAT capabilities. |
19.9.23 | RECORDSTEALER | Malware | Stealer | New Info-stealer Disguised as Crack Being Distributed |
16.9.23 | NodeStealer | Malware | Stealer | New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials |
16.9.23 | RedLine/Vidar | Malware | Stealer | In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to their victims via the same delivery method. |
16.9.23 | SHAPESHIFT | Malware | Wiper | Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware |
16.9.23 | Bash stealer | Malware | Stealer | Free Download Manager backdoored – a possible supply chain attack on Linux machines |
14.9.23 | Malware | According to Elastic, BUGHATCH is an in-memory implant loaded by an obfuscated PowerShell script that decodes and executes an embedded shellcode blob in its allocated memory space using common Windows APIs (VirtualAlloc, CreateThread, WaitForSingleObject). |
14.9.23 | Loader | Malware distributor Storm-0324 facilitates ransomware access |
13.9.23 | MacOS | On March 7, 2022, KELA observed a threat actor named _META_ announcing the launch of META – a new information-stealing malware, available for sale for USD125 per month or USD1000 for unlimited use. |
13.9.23 | Python | Hackers Deploy Python-Based Stealer via Facebook Messenger |
13.9.23 | Stealer | Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. |
13.9.23 | Stealer | New RisePro Stealer distributed by the prominent PrivateLoader |
10.9.23 | Loader | First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. |
9.9.23 | MacOS | Enigma Software notes that NetSupport Manager is a genuine application, which was first released about twenty years ago. |
9.9.23 | MacOS | Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram |
7.9.23 | SideTwist | Malware | Trojan | APT34 Unleashes New Wave of Phishing Attack with Variant of SideTwist Trojan |
6.9.23 | Loader | Elastic observed this loader coming with valid code signatures, being used to deploy secondary payloads in memory. |
6.9.23 | Banking | Chae$ 4: New Chaes Malware Variant Targeting Financial and Logistics Customers |
6.9.23 | Backdoor | Analysis of Andariel’s New Attack Activities |
6.9.23 | Backdoor | Analysis of Andariel’s New Attack Activities |
6.9.23 | RAT | Analysis of Andariel’s New Attack Activities |
6.9.23 | RAT | GoatRAT Attacks Automated Payment Systems |
6.9.23 | Malware | According to Tony Lambert, this is malware written in .NET. It was observed to be delivered using the .NET Single File deployment feature. |
3.9.23 | Backdoor | Elasticsearch is no stranger to cybercriminal abuse given its popularity. |
2.9.23 | GRU Malware | A collection of components associated with Sandworm designed to enable remote access and exfiltrate information from Android phones. |
2.9.23 | RAT | ANALYSIS OF NOVEL RAT DISCOVERED DUBBED “SUPERBEAR”. THE RAT HAS BEEN FOUND TARGETING JOURNALISTS AND DEPLOYED USING OPEN-SOURCE AUTOIT SCRIPTS. |
2.9.23 | SapphireStealer | Malware | Stealer | Open-source information stealer enables credential and data theft |
2.9.23 | QRLog | Malware | QR trojan | There is little information about how initial compromise was achieved in the known compromises, but analysis of the known components provides a strong link to a trojanized QR code generator discovered in the wild in February 2023. |
2.9.23 | JokerSpy | Malware | MacOS | Unknown Adversary Targeting Organizations with Multi-Stage macOS Malware |
2.9.23 | SnatchCrypto | Malware | Crypto | Malware observed in the SnatchCrypto campaign, attributed by Kaspersky Labs to BlueNoroff with high confidence. |
2.9.23 | HemiGate | Malware | Loader | HemiGate is a backdoor used by Earth Estries. Like most of the tools used by this threat actor, this backdoor is also executed via DLL sideloading using one of the loaders that support interchangeable payloads. |
2.9.23 | TrillClient | Malware | Tool | TrillClient toolset is an information stealer designed to steal browser data, and is packed in a single cabinet file (.cab) and extracted through the utility application expand.exe. |
2.9.23 | Zingdoor | Malware | Backdoor | Zingdoor is a new HTTP backdoor written in Go. While we first encountered Zingdoor in April 2023, some logs indicate that the earliest developments of this backdoor took place in June 2022. |
31.8.23 | MMRat | Malware | Android RAT | The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new, fully undetected Android banking trojan, dubbed MMRat, that has been targeting mobile users in Southeast Asia since late June 2023. |
31.8.23 | BadBazaar | Malware | Android | ESET researchers have discovered active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that has previously targeted Uyghurs |
31.8.23 | Loader | First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. |
29.8.23 | Python | Phylum routinely identifies malware and other software supply chain attacks targeting high-value, critical assets: an organization’s software developers. |
25.8.23 | RAT | Lazarus Group's infrastructure reuse leads to discovery of new malware |
25.8.23 | RAT | QuiteRAT is a simple remote access trojan written with the help of Qt libraries. |
24.8.23 | Telekopye | Malware | Malware | Analysis of Telegram bot that helps cybercriminals scam people on online marketplaces |
24.8.23 | Whiffy Recon | Malware | Loader | SMOKE LOADER DROPS WHIFFY RECON WI-FI SCANNING AND GEOLOCATION MALWARE |
23.8.23 | Stealer | ReversingLabs researchers have identified more than a dozen malicious packages targeting Roblox API users on the npm repository. This latest campaign recalls a 2021 attack. |
23.8.23 | Tool | Analysis of Spacecolon, a toolset used to deploy Scarab ransomware on vulnerable servers, and its operators, CosmicBeetle |
23.8.23 | RAT | ‘Malware-as-a-service’ has been around for some time; of late, however, it has become increasingly convenient for cybercriminals to kickstart their activities without having to learn malware development themselves. |
23.8.23 | RAT | The malware has been released on GitHub at https://github.com/EVLF/Cypher-Rat-Source-Code |
22.8.23 | RAT | RSA describes PlugX as a RAT (Remote Access Trojan) malware family that has been around since 2008 and is used as a backdoor to fully control the victim's machine. |
22.8.23 | MacOS | Xloader is a rebranding of the Formbook malware (mainly a stealer), available for macOS as well. |
21.8.23 | MacOS | AT&T Alien Labs researchers recently discovered a massive campaign of threats delivering a proxy server application to Windows machines. |
21.8.23 | RAT | In March 2023, Lumen Black Lotus Labs reported on a complex campaign called “HiatusRAT” that infected over 100 edge networking devices globally. |
19.8.23 | Gigabud RAT | RAT | Gigabud is the name of an Android Remote Access Trojan (RAT) that can record the victim's screen and steal banking credentials by abusing the Accessibility Service. |
14.8.23 | QwixxRAT | RAT | A new threat has emerged in the realm of cybersecurity, referred to as QwixxRAT. Both businesses and individual users are at risk, as this Trojan silently infiltrates devices, casting a wide net of data extraction. |
14.8.23 | HYPERSCRAPE | Malware | Stealer | New Iranian APT data extraction tool |
14.8.23 | JanelaRAT | RAT | According to Zscaler, JanelaRAT is a heavily modified variant of BX RAT. |
13.8.23 | Backdoor | MoustachedBouncer: Espionage against foreign diplomats in Belarus |
12.8.23 | RAT | Malware with a wide range of capabilities, ranging from RAT to ransomware. |
12.8.23 | Stealer | Statc Stealer is a sophisticated malware that infects devices running Windows, gains access to computer systems, and steals sensitive information. |
11.8.23 | Malware | Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors |
11.8.23 | Malware | Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors |
11.8.23 | Malware | RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale |
11.8.23 | Malware | Brute Ratel is a Customized Command and Control Center for Red Team and Adversary Simulation |
8.8.23 | Downloader | To that end, the Israeli cybersecurity company said it uncovered nine LOLBAS downloaders and three executors that could enable adversaries to download and execute "more robust malware" on infected hosts. |
8.8.23 | RAT | Multiple malicious OpenBullet configuration files are being shared within these communities, resulting in the installation of a Remote Access Trojan (RAT) on the user’s machine. |
8.8.23 | Backdoor | North Korea Compromises Sanctioned Russian Missile Engineering Company |
7.8.23 | Linux | While analyzing the latest logs of our honeypot located in central Europe, we found a rather interesting entry that repeated again less than two weeks later. |
3.8.23 | Android | SharkBot is a piece of malicious software targeting Android Operating Systems (OSes). |
3.8.23 | Backdoor | PANW Unit 42 describes this malware as capable of uploading and downloading files as well as loading additional shellcode payloads into selected target processes. |
3.8.23 | RAT | Proofpoint describes Phorpiex/Trik as an SDBot fork (thus IRC-based) that has been used to distribute GandCrab, Pushdo, Pony, and coinminers. |
3.8.23 | RAT | Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT |
2.8.23 | Stealer | About eight months later, in March 2023, FakeGPT, a new variant of a fake ChatGPT Chrome extension that steals Facebook Ad accounts, was reported. |
2.8.23 | Linux | A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities |
2.8.23 | Malware | Known as HeadCrab, this advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions |
2.8.23 | Backdoor | A .NET-based modular backdoor that comes with capabilities to establish contact with a remote command-and-control (C2) server and execute commands to enumerate files. |
2.8.23 | Backdoor | Bitter, also known as Cranberry, is an advanced threat group with suspected roots in South Asia. |
2.8.23 | Trojan | A Trojan for Windows with the same code structure and functionality as elf.rekoobe, which targets Linux environments instead. |
2.8.23 | Linux | A Trojan for Linux intended to infect machines with the SPARC architecture and Intel x86 and x86-64 computers. |
1.8.23 | Banking | Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called WikiLoader with the ultimate aim of installing a banking trojan or stealer. |
31.7.23 | RAT | AVrecon is a Linux-based Remote Access Trojan (RAT) targeting small-office/home-office (SOHO) routers and other ARM-embedded devices. |
31.7.23 | Downloader | Fruity trojan downloader performs multi-stage infection of Windows computers |
30.7.23 | Android | Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users. |
30.7.23 | Backdoor | CISA obtained 14 malware samples comprised of Barracuda exploit payloads and reverse shell backdoors. The malware was used by threat actors exploiting CVE-2023-2868... |
30.7.23 | Backdoor | CISA obtained two SEASPY malware samples. The malware was used by threat actors exploiting CVE-2023-2868... |
30.7.23 | Backdoor | CISA obtained seven malware samples related to a novel backdoor CISA has named SUBMARINE. The malware was used by threat actors exploiting CVE-2023-2868, a former zero-day vulnerability affecting certain versions 5.1.3.001 - 9.2.0.006 of Barracuda Email Security Gateway (ESG). |
30.7.23 | Trojan | A stager used by APT29 to download and run CobaltStrike. |
30.7.23 | Trojan | A stager used by APT29 to deploy CobaltStrike. |
30.7.23 | Loader | This loader abuses the benign service Notion for data exchange. |
27.7.23 | Trojan | The element originally known as “foul air” stinks up computers as a new initial-access campaign exhibiting some uncommon techniques |
27.7.23 | CoinMiners | Using AhnLab Smart Defense (ASD) infrastructure, AhnLab Security Emergency response Center (ASEC) has recently discovered the PurpleFox malware being installed on poorly managed MS-SQL servers. |
26.7.23 | Backdoor | Decoy Dog has a full suite of powerful, previously unknown capabilities |
26.7.23 | RAT | Pupy is the name of an open-source Remote Administration Trojan (RAT) written in Python. |
26.7.23 | MacOS | In the case of macOS, the infostealer turned out to be a new malware written in Rust, dubbed “realst”. |
25.7.23 | Banking | According to BitDefender, Metamorfo is a family of banker Trojans that has been active since mid-2018. |
22.7.23 | DBatLoader | Malware | Loader | This Delphi loader misuses Cloud storage services, such as Google Drive to download the Delphi stager component. |
22.7.23 | DarkComet | Malware | RAT | DarkComet is one of the most famous RATs, developed by Jean-Pierre Lesueur in 2008. |
22.7.23 | BianLian | Malware | Android | Hunting the AndroidBianLian botnet |
22.7.23 | BianLian | Malware | Linux | BianLian Ransomware Expanding C2 Infrastructure and Operational Tempo |
22.7.23 | BianLian | Malware | Ransom | BianLian is a GoLang-based ransomware that continues to breach several industries and demand large ransom amounts. |
22.7.23 | HotRat | Malware | RAT | HotRat: The Risks of Illegal Software Downloads and Hidden AutoHotkey Script Within |
21.7.23 | BundleBot | Malware | Bot | Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities |
21.7.23 | DeliveryCheck | Malware | Backdoor | According to CERT-UA, this malware makes use of XSLT (Extensible Stylesheet Language Transformations) and COM-hijacking. |
20.7.23 | HeadCrab | Malware | Bot | Aqua Nautilus researchers discovered a new elusive and severe threat that has been infiltrating and residing on servers worldwide since early September 2021 |
20.7.23 | Redigo | Malware | Backdoor | Aqua Nautilus discovered new Go-based malware that targets Redis servers. |
20.7.23 | P2P virus | The P2PInfect worm infects vulnerable Redis instances by exploiting the Lua sandbox escape vulnerability, CVE-2022-0543. |
19.7.23 | Android | Lookout Attributes Advanced Android Surveillanceware to Chinese Espionage Group APT41 |
19.7.23 | Android | Lookout Attributes Advanced Android Surveillanceware to Chinese Espionage Group APT41 |
18.7.23 | RAT | Deed RAT, a piece of remote access trojan malware, has seen a resurgence in use over the recent weeks. |
18.7.23 | Backdoor | They've also switched from BadHatch to a C++-based backdoor known as Sardonic, which, according to Bitdefender security. |
17.7.23 | USB | BEYOND THE HORIZON: TRAVELING THE WORLD ON CAMARO DRAGON’S USB FLASH DRIVES |
17.7.23 | GPT | WormGPT – The Generative AI Tool Cybercriminals Are Using to Launch Business Email Compromise Attacks |
15.7.23 | Backdoor | Backdoor malware |
14.7.23 | ICS | The team identifies this malware as TRISIS because it targets Schneider Electric’s Triconex safety instrumented system (SIS)... |
14.7.23 | RAT | Kroll has identified a fully featured information stealer and remote access tool (RAT) in the Python Package Index (PyPI) that it is calling “Colour-Blind”. |
14.7.23 | Crypto | This trojan is designed to decrypt encrypted files and run them directly from the system's memory. |
13.7.23 | Ransom | Undocumented driver-based browser hijacker RedDriver targets Chinese speakers and internet cafes |
13.7.23 | Rootkit | Digitally-Signed Rootkits are Back – A Look at FiveSys and Companions |
13.7.23 | Python | PyLoose is a newly discovered Python-based fileless malware targeting cloud workloads. |
11.7.23 | RAT | GitHub repository with source code for Pandora hVNC |
11.7.23 | Ransom | Pandora ransomware was obtained by vx-underground on 2022-03-14. |
11.7.23 | Virus | Neshta is a 2005 Belarusian file infector virus written in Delphi. The name of the virus comes from the Belarusian word "nesta" meaning "something." |
10.7.23 | Banking | Discover the intricate layers of a new sophisticated and persistent malware campaign targeting businesses in the LATAM region delivering the TOITOIN Trojan. |
10.7.23 | RAT | Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where Cuba ransomware was also deployed. |
9.7.23 | MacOS RAT | Noknok is a remote administration tool (RAT). RATs vary in severity and have a variety of functions to meet the needs of the attacker. |
8.7.23 | Vishing toolset | In recent years, the rise of vishing, also known as Voice over IP phishing, has become so popular that it has eroded trust in calls from unknown numbers. |
7.7.23 | RAT | According to ProofPoint, FlawedGrace is written in C++ and can be categorized as a Remote Access Trojan (RAT). |
7.7.23 | MacOS | TA453 continues to adapt its malware arsenal, deploying novel file types and targeting new operating systems, specifically sending Mac malware. |
7.7.23 | LINUX | 8220 Gang Deploys a New Campaign with Upgraded Techniques |
7.7.23 | RAT | Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where Cuba ransomware was also deployed. |
7.7.23 | RAT | VenomRAT - new, hackforums grade, reincarnation of QuassarRAT |
4.7.23 | Android | Neo_Net has been conducting an eCrime campaign targeting clients of prominent banks globally, with a focus on Spanish and Chilean banks. |
3.7.23 | Meduza Stealer | Stealer | The Meduza Stealer has a singular objective: comprehensive data theft. |
3.7.23 | SVCReady | Malware | Malware | According to PCrisk, SVCReady collects information about the infected system such as username, computer name, time zone, computer manufacturer... |
3.7.23 | Pikabot | Malware | Downloader | Introducing Pikabot, an emerging malware family that comprises a downloader/installer, a loader, and a core backdoor component. |
3.7.23 | Minodo | Backdoor | Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor |
3.7.23 | Matanbuchus | Malware | According to PCrisk, Matanbuchus is a loader-type malicious program offered by its developers as Malware-as-a-Service (MaaS). |
3.7.23 | Lumma Stealer | Stealer | Lumma is an information stealer written in C, sold as a Malware-as-a-Service by LummaC on Russian-speaking underground forums and Telegram since at least August 2022. |
3.7.23 | CargoBay | Malware | CargoBay is a newer malware family which was first observed in 2022 and is notable for being written in the Rust language. |
3.7.23 | AresLoader | Malware | Downloader | AresLoader is a new malware "downloader" that has been advertised on some Russian-language Dark Web forums ("RAMP" and "XSS") by a threat actor called "DarkBLUP" |
1.7.23 | Malware | Bluenoroff’s RustBucket campaign |
1.7.23 | OSX | Attack trends related to the attack campaign DangerousPassword |
1.7.23 | Backdoor | CharmPower is a PowerShell-based, modular backdoor that has been used by Magic Hound since at least 2022. |
1.7.23 | Backdoor | Charming Kitten Updates POWERSTAR with an InterPlanetary Twist |
1.7.23 | Framework | The Iranian state-sponsored group dubbed MuddyWater has been attributed to a previously unseen command-and-control (C2) framework |
1.7.23 | Proxyjacking: The Latest Cybercriminal Side Hustle |
30.6.23 | Android | According to Check Point, this malware features several malicious Android applications that mimic legitimate applications... |
30.6.23 | RAT | Lazarus and the tale of three RATs |
30.6.23 | RAT | Emulating the Highly Sophisticated North Korean Adversary Lazarus Group |
30.6.23 | RAT | Dtrack is a Remote Administration Tool (RAT) developed by the Lazarus group. |
30.6.23 | RAT | Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022 |
30.6.23 | Android | Polish security research blog Niebezpiecznik, which first reported the breach and analyzed a dump of the stolen data... |
30.6.23 | RAT | This is the third installment of a three-part technical analysis of the fully undetectable (FUD) obfuscation engine BatCloak and SeroXen malware. |
30.6.23 | Infostealer | New Fast-Developing ThirdEye Infostealer Pries Open System Information |
27.6.23 | Anatsa | Malware | Banking | Anatsa banking Trojan hits UK, US and DACH with new campaign |
26.6.23 | MacOS | An overview of JOKERSPY, discovered in June 2023, which deployed custom and open source macOS tools to exploit a cryptocurrency exchange located in Japan. |
24.6.23 | Dropper | PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID |
24.6.23 | Rootkit | BlackLotus stage 2 bootkit-rootkit analysis |
24.6.23 | Linux | Operation Earth Berberoka |
24.6.23 | Linux | According to netenrich, Kaiten is a Trojan horse that opens a back door on the compromised computer that allows it to perform other malicious activities. |
24.6.23 | Malware | Mandiant associates this with UNC4191; this malware spreads to removable drives. |
24.6.23 | Malware | Mandiant associates this with UNC4191; this malware is a launcher for NCAT to establish a reverse tunnel. |
24.6.23 | Malware | Mandiant associates this with UNC4191; this malware decrypts and runs DARKDEW. |
24.6.23 | Malware | Camaro Dragon is a Chinese-based espionage threat actor whose operations are actively focused on Southeast Asian |
22.6.23 | Backdoor | A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. |
22.6.23 | Backdoor | Graphican is an evolution of the known Flea backdoor Ketrican, which itself was based on a previous malware — BS2005 — also used by Flea. |
22.6.23 | RAT | Zscaler ThreatLabz researchers observed multiple threat campaigns utilizing the Snip3 crypter, a multi-stage remote access trojan (RAT). |
22.6.23 | Crypto | Rhadamanthys is an information stealer that consists of two components, the loader and the main module (responsible for exfiltrating collected credentials). |
22.6.23 | InfoStealer | The oldest sample we were able to track until now (e69b50d1d58056fc770c88c514af9a82) shows the malware during its early development stage. |
22.6.23 | Backdoor | Zscaler ThreatLabz has recently unearthed a new backdoor called 'Devopt'. |
22.6.23 | Stealer | Bandit is a new information stealer that harvests stored credentials from web browsers, FTP clients, email clients, and targets cryptocurrency wallet applications. |
22.6.23 | Stealer | Drive-by downloads are becoming increasingly common as attackers find new ways to access and exfiltrate sensitive data. |
22.6.23 | Stealer | Album Stealer is disguised as a photo album that drops decoy adult images while performing malicious activity in the background. |
22.6.23 | Stealer | Mystic Stealer is a new information stealer that was first advertised in April 2023 |
17.6.23 | Malware | The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling. |
16.6.23 | Arkei Stealer | Malware | Stealer | Arkei is a stealer that appeared around May 2018. |
16.6.23 | Pteranodon | Malware | InfoStealer | Cybergun: Technical Analysis of the Armageddon's Infostealer |
16.6.23 | Stealer | Downloader / information stealer used by UAC-0056, observed since at least October 2022. |
16.6.23 | Backdoor | This malware was seen during the cyberattacks on Ukrainian state organizations. It is one of two backdoors written in Go that are attributed to UAC-0056 (SaintBear, UNC2589, TA471). |
16.6.23 | Backdoor | This malware was seen during the cyberattacks on Ukrainian state organizations. It is one of two backdoors written in Go that are attributed to UAC-0056 (SaintBear, UNC2589, TA471). |
16.6.23 | Stealer | According to MITRE, OutSteel is a file uploader and document stealer developed with the scripting language AutoIT that has been used by Ember Bear since at least March 2021. |
16.6.23 | Destructive | Destructive malware deployed against targets in Ukraine in January 2022. |
14.6.23 | Skuld | Malware | InfoStealer | Skuld: The Infostealer that Speaks Golang |
14.6.23 | DoubleFinger | Malware | Malware | Sneaky DoubleFinger loads GreetingGhoul targeting your cryptocurrency |
13.6.23 | VenomRAT | Malware | RAT | The first messages about VenomRAT started to appear in June 2020. |
13.6.23 | DCRat | Malware | RAT | DCRat is a typical RAT that has been around since at least June 2019. |
13.6.23 | Amadey | Malware | Malware | Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. |
13.6.23 | ScrubCrypt | Malware | Crypter | ScrubCrypt is the rebranded "Jlaive" crypter, with a unique capability of .BAT packing |
11.6.23 | SPECTRALVIPER | Malware | Backdoor | Elastic Security Labs has been tracking an intrusion set targeting large Vietnamese public companies for several months, REF2754. |
10.6.23 | Stealth Soldier | Malware | Backdoor | Check Point Research observed a wave of highly-targeted espionage attacks in Libya that utilize a new custom modular backdoor. |
8.6.23 | PowerDrop | Malware | PowerDrop: A New Insidious PowerShell Script for Command and Control Attacks Targets U.S. Aerospace Defense Industry |
8.6.23 | Loader | Malware often arrives hand in hand with other malware. |
3.6.23 | Malware | Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot.” |
3.6.23 | Malware | MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT |
3.6.23 | Malware | According to SentinelLabs, this is a VisualBasic-based malware that gathers system and file information and exfiltrates the data using InternetExplorer.Application or Microsoft.XMLHTTP objects. |
3.6.23 | Malware | BabyShark is a Microsoft Visual Basic (VB) script-based malware family first seen in November 2018. |
31.5.23 | Lojack | Malware | Malware | ASERT recently discovered Lojack agents containing malicious C2s. These hijacked agents pointed to suspected Fancy Bear (a.k.a. APT28, Pawn Storm) domains. |
31.5.23 | RomCom RAT | Malware | RAT | Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where Cuba ransomware was also deployed. |
30.5.23 | Android | Predator: Looking under the hood of Intellexa’s Android spyware |
30.5.23 | OT malware | COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises |
25.5.23 | Backdoor | An unnamed government entity associated with the United Arab Emirates (U.A.E.) was targeted by a likely Iranian threat actor to breach the victim's Microsoft Exchange Server with a "simple yet effective" backdoor dubbed PowerExchange. |
25.5.23 | PeepingTitle | Backdoor | The reason why the attackers drop two variants is to use one for capturing the victim's screen and the second for monitoring windows and the user's interactions with them. |
25.5.23 | Trojan | A new banking trojan dubbed maxtrilha (due to its encryption key) has been discovered in the last few days, targeting customers of European and South American banks. |
25.5.23 | Backdoor | An APT group that we are calling BackdoorDiplomacy, due to the main vertical of its victims, has been targeting Ministries of Foreign Affairs and telecommunication companies in Africa and the Middle East since at least 2017. |
25.5.23 | Android | It is rare for a developer to upload a legitimate app, wait almost a year, and then update it with malicious code. |
25.5.23 | JackalWorm | Worm | A worm that's engineered to infect systems using removable USB drives and install the JackalControl trojan. |
25.5.23 | JackalSteal | Steal | An implant that's used to find files of interest, including those located in removable USB drives, and transmit them to a remote server. |
25.5.23 | Loader | According to Mandiant, POORTRY is a malware written as a driver, signed with a Microsoft Windows Hardware Compatibility Authenticode signature. |
25.5.23 | Loader | Since Iranian threat actors are known to exploit Exchange servers to deploy additional malware, it is also possible that this driver has been employed alongside Exchange attacks. |
25.5.23 | Toolkit | Operation Groundbait: Analysis of a surveillance toolkit |
20.5.23 | PowerShell | This PowerShell-written malware is an in-memory dropper used by FIN7 to execute the included/embedded payload. |
19.5.23 | Python | Stealer with Clipper Making Rounds in a Mass Campaign |
19.5.23 | RAT | ReversingLabs researchers discovered two malicious packages that contained TurkoRat, an open source infostealer that lurked on npm for two months before being detected. |
19.5.23 | Android | It's worth noting that the same technique of modifying the zygote process has also been adopted by another mobile trojan called Triada. |
18.5.23 | Stealer | Zmutzy is a spyware and information stealer Trojan written in Microsoft’s .NET language. |
18.5.23 | Trojan | The Kryptik trojan was created to obtain information on an infected host’s FTP servers. |
18.5.23 | Crypt | ScrubCrypt is the rebranded "Jlaive" crypter, with a unique capability of .BAT packing |
18.5.23 | Crypt | According to zscaler, PureCrypter is a fully-featured loader that has been sold since at least March 2021 |
18.5.23 | RAT | Android spyware is one of the most common kinds of malware used by attackers to gain access to personal data and carry out fraud operations. |
17.5.2023 | POORTRY | Malware | Malware | According to Mandiant, POORTRY is a malware written as a driver, signed with a Microsoft Windows Hardware Compatibility Authenticode signature. |
16.5.2023 | MacOS | The TrafficStealer malware employs open container APIs to redirect web traffic to specific sites and manipulate user interaction with ads. |
16.5.2023 | Loader | According to sekoia, PrivateLoader is a modular malware whose main capability is to download and execute one or several payloads. |
16.5.2023 | Stealer | According to PCRIsk, CopperStealer, also known as Mingloa, is a malicious program designed to steal sensitive/personal information. |
16.5.2023 | ELF | The firmware image contained several malicious components, including a custom MIPS32 ELF implant dubbed “Horse Shell”. |
15.5.2023 | Backdoor | Merdoor is a fully-featured backdoor that appears to have been in existence since 2018. |
15.5.2023 | Worm | Malware with a wide range of capabilities, ranging from RAT to ransomware. |
15.5.2023 | Linux | BPFDoor is a passive backdoor used by a China-based threat actor. |
12.5.2023 | RAT | AllaKore is a simple Remote Access Tool written in Delphi, first observed in 2015 but still in early stages of development. |
12.5.2023 | RAT | Action RAT is a remote access tool written in Delphi that has been used by SideCopy since at least December 2021 against Indian and Afghani government personnel. |
12.5.2023 | LOADER | The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. |
6.5.23 | Macro | Ongoing campaigns use a new malware component we call ReconShark, which is actively delivered to specifically targeted individuals through spear-phishing emails, OneDrive links leading to document downloads, and the execution of malicious macros. |
6.5.23 | Downloader | sLoad is a PowerShell downloader that most frequently delivers the Ramnit banker and includes noteworthy reconnaissance features. |
6.5.23 | RAT | goatRat is the name of a remote access trojan (RAT) - a malicious app that allows attackers to take control of an Android device. |
6.5.23 | Android | Nexus is the name of a banking trojan targeting Android Operating Systems (OSes). According to the research done by Cyble analysts, Nexus is the rebranded version of the S.O.V.A. banking trojan. |
6.5.23 | Android | Predator is the name of spyware (malicious software) targeting Android users. Between August and October 2021, the attackers utilized zero-day exploits that targeted Chrome and the Android OS to install Predator spyware implants on Android devices, even those that were fully up-to-date. |
6.5.23 | Android | Goldoson is an Android malware that compiles a list of installed applications and records the history of Wi-Fi and Bluetooth devices, including GPS locations in close proximity. |
6.5.23 | Android | Chameleon is the name of a trojan targeting Android Operating Systems (OSes). |
6.5.23 | Android | Fleckpe is a recently discovered Android Trojan family found on Google Play, which secretly subscribes victims to paid services. |
5.5.23 | Code-injection | Dirty Vanity is a new code-injection technique that abuses forking, a lesser-known mechanism that exists in Windows operating systems. |
||
5.5.23 |
RAT |
GravityRAT malware takes your system's temperature |
||
5.5.23 |
Android |
New ransomware posing as COVID‑19 tracing app targets Canada; ESET offers decryptor |
||
5.5.23 |
Spyware |
Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy |
||
5.5.23 |
Malware |
Elastic Security Labs discovers the LOBSHOT malware |
||
5.5.23 |
Android |
Scarcruft Bolsters Arsenal for targeting individual Android devices |
||
5.5.23 |
OSX |
Twitter Thread linking CloudMensis to RokRAT / ScarCruft |
||
5.5.23 |
RAT |
It is a backdoor commonly distributed as an encoded binary file downloaded and decrypted by shellcode following the exploitation of weaponized documents. |
||
28.4.23 |
Stealer |
ViperSoftX: Hiding in System Logs and Spreading VenomSoftX |
||
28.4.23 |
RAT |
Targets of Interest - Russian Organizations Increasingly Under Attack By Chinese APTs |
||
28.4.23 |
Backdoor |
“PortDoor” is a Chinese backdoor that targeted ministry agencies, public organizations and industrial plants in Eastern European countries (Russia, Belarus and Ukraine). |
||
28.4.23 |
Crypto |
A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. |
||
28.4.23 |
RAT |
Simple yet powerful RAT for Windows machines. This project is simple and easy to understand; it should give you general knowledge about .NET malware and how it behaves. |
||
28.4.23 |
PowerShell |
This PowerShell written malware is an in-memory dropper used by FIN7 to execute the included/embedded payload. |
||
28.4.23 |
Linux |
Chinese Alloy Taurus Updates PingPull Malware |
||
28.4.23 |
Malware |
The name used by malware developers is BellaCiao, a reference to the Italian folk song about resistance fighting. |
||
27.4.23 |
Backdoor |
PowerLess is a PowerShell-based modular backdoor that has been used by Magic Hound since at least 2022. |
||
26.4.23 |
OSX |
BlueNoroff APT group targets macOS with ‘RustBucket’ Malware |
||
26.4.23 |
RAT |
|
||
26.4.23 |
Python |
Tomiris called, they want their Turla malware back |
||
26.4.23 |
RAT |
Information stealer which uses AutoIT for wrapping. |
||
26.4.23 |
Malware |
Github Repository: RATel |
||
26.4.23 |
Backdoor |
FireEye describes SUNBURST as a trojanized SolarWinds digitally-signed component of the Orion software framework that contains a backdoor that communicates via HTTP to third party servers. |
||
26.4.23 |
Backdoor |
Sunburst backdoor – code overlaps with Kazuar |
||
26.4.23 |
Malware |
Tomiris called, they want their Turla malware back |
||
26.4.23 |
Killer |
According to Sophos, the AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before deploying either a backdoor or ransomware on the target system. |
||
24.4.23 |
Stealer |
EvilExtractor (sometimes spelled Evil Extractor) is an attack tool designed to target Windows operating systems and extract data and files from endpoint devices. |
||
20.4.23 |
Android |
Malware Analysis Report (AR19-252A) |
||
20.4.23 |
Win |
The Lazarus Constellation A study on North Korean malware |
||
20.4.23 |
Backdoor |
Tweet on an unknown threat actor dropping Mgbot, a custom IIS modular backdoor and Cobalt Strike by exploiting ProxyShell. |
||
20.4.23 |
RAT |
Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where also Cuba ransomware was deployed. |
||
20.4.23 |
Stealer |
According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines. |
||
20.4.23 |
CharmPower | Malware | Backdoor | CharmPower is a PowerShell-based, modular backdoor that has been used by Magic Hound since at least 2022. |
20.4.23 |
Drokbk | Malware | Backdoor | Drokbk Malware Uses GitHub as Dead Drop Resolver |
19.4.23 |
Adware |
A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads. |
||
19.4.23 |
Spyware |
A First Look at Spyware Vendor QuaDream’s Exploits, Victims, and Customers |
||
19.4.23 |
Backdoor |
Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor |
||
17.4.23 |
Loader |
This loader abuses the benign service Notion for data exchange. |
||
17.4.23 |
Military Malware |
NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine |
||
14.4.23 |
RAT |
Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials |
||
14.4.23 |
|
Lazarus DeathNote campaign |
||
14.4.23 |
RAT |
According to SentinelOne, this RAT can gather and transmit a defined set of system features, create/terminate/manipulate processes and files, and has self-updating and deletion capability. |
||
14.4.23 |
OSX |
|
||
12.4.23 |
MacOS |
Contains a monitor agent and the primary malware agent, both of which are Mach-O files written in Objective-C and Go, respectively. |
||
12.4.23 |
Stealer |
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack |
||
12.4.23 |
Stealer |
Follow-up payload in 3CX supply chain incident, which according to Volexity is an infostealer collecting information about the system and browser using an embedded copy of the SQLite3 library. |
||
11.4.23 |
Banking RAT |
Xenomorph is an Android banking RAT developed by the Hadoken.Security actor. |
||
11.4.23 |
Android |
BEWARE: SOVA ANDROID BANKING TROJAN EMERGES MORE POWERFUL WITH NEW CAPABILITIES |
||
11.4.23 |
Stealer |
Analyzing Impala Stealer – Payload of the first NuGet attack campaign |
||
9.4.23 |
Stealer |
Recently Cyble Research and Intelligence Labs (CRIL) discovered a phishing site mimicking a Cryptocurrency mining platform that was spreading Creal Stealer. |
||
8.4.23 |
Stealer |
No Honor Among Thieves - Prynt Stealer’s Backdoor Exposed |
||
8.4.23 |
Stealer |
Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities |
||
8.4.23 |
RAT |
Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT |
||
8.4.23 |
Mobile |
Lookout researchers have discovered a new mobile surveillanceware family, FrozenCell. The threat is likely targeting employees of various Palestinian government agencies, security services, Palestinian students, and those affiliated with the Fatah political party. |
||
8.4.23 |
RAT |
ViperRAT is an active, advanced persistent threat (APT) that sophisticated threat actors are actively using to target and spy on the Israeli Defense Force. |
||
8.4.23 |
Backdoor |
Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials |
||
8.4.23 |
Stealer |
This malware, written in Delphi, is an information-stealing malware family dubbed "MICROPSIA". It has a wide range of data theft functionality built in. |
||
7.6.23 |
CryptoMining |
Hackers may hijack AWS infrastructure for a number of reasons. However, the most common motives are to facilitate illicit cryptomining or spamming. While cryptomining is more profitable on infrastructure owned by somebody else, the same can also be said for SMTP abuse and spam. |
||
7.6.23 |
MacOS |
Being yet another infostealing malware surfacing in the cybercriminal arena within the latest month, MacStealer gains popularity on the underground forums due to its relatively low price and broad malicious capabilities. To tune up security protections against novel malware strains, security practitioners need a reliable source of detection content to spot possible attacks at the earliest stages of development. |
||
7.6.23 |
Linux |
The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT (slides) |
||
6.4.23 |
RAT |
Pupy RAT is an open source tool for cross-platform remote administration (Windows, Linux, OSX and Android are supported as “clients”) and subsequent exploitation (post-exploitation). Written mostly in Python. |
||
6.4.23 |
Linux |
Mélofée: a new alien malware in the Panda's toolset targeting Linux hosts |
||
4.4.23 |
Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. |
|||
4.4.23 |
Android |
Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware |
||
4.4.23 |
BabyShark is a Microsoft Visual Basic (VB) script-based malware family first seen in November 2018. The malware is launched by executing the first-stage HTA from a remote location, so it can be delivered via different file types, including PE files as well as malicious documents. It exfiltrates system information to its C2 server, maintains persistence on the system, and waits for further instructions from the operator. |
|||
3.4.23 |
Stealer |
The Uptycs Threat Research Team has discovered a new infostealer. Spread by multiple bundlers and new on cybercrime forums, HookSpoofer has keylogging and clipper abilities. (A bundler combines two or more files in a single package.) It sends its stolen data to a Telegram bot. |
||
3.4.23 |
Cryptocurrency |
Parallax RAT (aka, ParallaxRAT) has been distributed through spam campaigns or phishing emails (with attachments) since December 2019. The malware performs malicious activities such as reading login credentials, accessing files, keylogging, remote desktop control, and remote control of compromised machines. |
||
3.4.23 |
Stealer |
The Uptycs threat research team recently discovered a campaign involving the Titan Stealer malware, which is being marketed and sold by a threat actor (TA) through a Telegram channel for cybercrime purposes. |
||
3.4.23 |
MacOS |
Dubbed MacStealer, it's the latest example of a threat that uses Telegram as a command-and-control (C2) platform to exfiltrate data. It primarily affects devices running macOS versions Catalina and later running on M1 and M2 CPUs. |
||
3.4.23 |
RAT |
Action RAT is a remote access tool written in Delphi that has been used by SideCopy since at least December 2021 against Indian and Afghani government personnel. |
||
3.4.23 |
Loader |
This Delphi loader misuses Cloud storage services, such as Google Drive to download the Delphi stager component. The Delphi stager has the actual payload embedded as a resource and starts it. |
||
25.3.23 |
TONEINS | Malware | Backdoor | TONEINS is the name of a backdoor malware. This software is designed to open a "backdoor" for additional malicious components or programs into compromised systems. |
25.3.23 |
MQsTTang | Malware | Backdoor | MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT |
25.3.23 |
BLUEHAZE | Malware | Malware | Mandiant associates this with UNC4191; this malware is a launcher for NCAT to establish a reverse tunnel. |
25.3.23 |
MISTCLOAK | Malware | Malware | Mandiant associates this with UNC4191; this malware decrypts and runs DARKDEW. |
23.3.23 |
SiestaGraph | Malware | NAPLISTENER: more bad dreams from developers of SIESTAGRAPH | |
23.3.23 |
DoorMe | Malware | Update to the REF2924 intrusion set and related campaigns | |
23.3.23 |
NAPLISTENER | Malware | Malware | This unique malware sample contains a C# class called MsEXGHealthd that consists of three methods: Main, SetRespHeader, and Listener. |
23.3.23 |
VIRTUALGATE (Windows) | Malware | Windows | The Windows guest virtual machines which were hosted by the infected hypervisors also contained a unique malware sample located at C:\Windows\Temp\avp.exe. This malware, which we refer to as VIRTUALGATE, is a utility program written in C that is comprised of two (2) parts, a dropper, and the payload. |
23.3.23 |
VIRTUALPITA (LINUX) | Malware | LINUX | Mandiant discovered two (2) additional VIRTUALPITA samples listening on TCP port 7475 that were persistent as an init.d startup service on Linux vCenter systems. To disguise themselves, the binaries shared the name of the legitimate binary ksmd. KSMD (Kernel Same-Page Merging Daemon) is normally in charge of memory-saving de-duplication on Linux and would not be listening on this port. |
23.3.23 |
VIRTUALPIE (VMware ESXi) | Malware | VMware ESXi | VIRTUALPIE is a lightweight backdoor written in Python that spawns a daemonized IPv6 listener on a hardcoded port on a VMware ESXi server. It supports arbitrary command line execution, file transfer capabilities, and reverse shell capabilities. Communications use a custom protocol and are encrypted using RC4. |
23.3.23 |
VIRTUALPITA (VMware ESXi) | Malware | VMware ESXi | VIRTUALPITA is a 64-bit passive backdoor that creates a listener on a hardcoded port number on a VMware ESXi server. The backdoor often utilizes VMware service names and ports to masquerade as a legitimate service. It supports arbitrary command execution, file upload and download, and the ability to start and stop vmsyslogd. |
23.3.23 |
Mispadu | Malware | Banking | According to ESET Research, Mispadu is an ambitious Latin American banking trojan that utilizes McDonald’s malvertising and extends its attack surface to web browsers. |
23.3.23 |
DOTRUNPEX | Malware | RAT | DEMYSTIFYING NEW VIRTUALIZED .NET INJECTOR USED IN THE WILD |
23.3.23 |
PowerMagic | Malware | Backdoor | Bad magic: new APT found in the area of Russo-Ukrainian conflict |
23.3.23 |
ShellBot | Malware | Linux | ShellBot Malware Being Distributed to Linux SSH Servers |
18.3.23 |
BrasDex | Malware | Android | The mobile malware landscape of the LATAM region, more specifically Brazil, has recently risen to prominence in the news due to families like Brata and Amextroll, extending their reach all the way to Europe. |
18.3.23 |
PixPirate | Malware | Android | Between the end of 2022 and the beginning of 2023, a new Android banking trojan was discovered by the Cleafy TIR team. Given the lack of information and the absence of a proper nomenclature for this malware family, we decided to dub it PixPirate, to better track this family inside our internal Threat Intelligence taxonomy. |
15.3.23 |
Backdoor |
The REDBALDKNIGHT (a.k.a. BRONZE BUTLER) cyberespionage group employs the Daserf backdoor in campaigns. We found that Daserf was not only used on Japanese targets, but also against other countries. We also found versions of Daserf that use steganography. |
||
15.3.23 |
Espionage |
YoroTrooper’s main targets are government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other Commonwealth of Independent States (CIS), based on our analysis. We also observed YoroTrooper compromise accounts from at least two international organizations: a critical European Union (EU) health care agency and the World Intellectual Property Organization (WIPO). |
||
14.3.23 |
Stealer |
During a threat-hunting exercise, Cyble Research and Intelligence Labs (CRIL) discovered a post on the cybercrime forum about an information stealer targeting both Chromium and Mozilla-based browsers. This stealer was named LummaC2 Stealer, which targets crypto wallets, extensions, and two-factor authentication (2FA) and steals sensitive information from the victim’s machine. |
||
14.3.23 |
Stealer |
Cyble Research and Intelligence Labs (CRIL) came across a new malware strain called “WhiteSnake” Stealer. The stealer was first identified on cybercrime forums at the beginning of this month. It is designed to extract sensitive information from the victim’s computer. |
||
14.3.23 |
Stealer |
Threat Actors (TAs) employ sophisticated techniques to create phishing websites that are designed to appear legitimate and attractive to users. These deceptive sites are carefully crafted to trick unsuspecting users into downloading and executing malware, which can result in stealing the victim’s sensitive data. |
||
14.3.23 |
Toolkit |
Credit card sniffers are malicious codes usually programmed in JavaScript and designed to covertly steal payment card information and Personally Identifiable Information (PII) entered by the victim on a compromised e-commerce/merchant website. Sniffer programs are also often termed ‘Online Skimmer’. R3NIN is a recent example of one such sniffer. |
||
13.3.23 |
In February 2023, EclecticIQ researchers identified multiple KamiKakaBot malware samples which are very likely used to target government entities in ASEAN (Association of Southeast Asian Nations) countries. |
|||
11.3.23 |
GoBruteforcer | Malware | Malware | According to researchers with Palo Alto Networks' Unit 42, who first spotted it in the wild and dubbed it GoBruteforcer, the malware is compatible with x86, x64, and ARM architectures. |
10.3.23 |
Trojan |
A Trojan for Windows with the same code structure and functionality as elf.rekoobe, which targets Linux environments instead. |
||
10.3.23 |
RAT |
Netwire is a RAT; its functionality seems focused on password stealing and keylogging, but it includes remote control capabilities as well. |
||
10.3.23 |
In June 2022, Mandiant Managed Defense detected and responded to an UNC2970 phishing campaign targeting a U.S.-based technology company. |
|||
10.3.23 |
In part one on North Korea's UNC2970, we covered UNC2970’s tactics, techniques and procedures (TTPs) and tooling that they used over the course of multiple intrusions. In this installment, we will focus on how UNC2970 utilized Bring Your Own Vulnerable Device (BYOVD) to further enable their operations. |
|||
10.3.23 |
RAT |
Xenomorph is an Android banking RAT developed by the Hadoken.Security actor. |
||
10.3.23 |
PlugX | Malware | Malware | PlugX malware distributed through a remote code execution vulnerability in the Chinese remote control programs Sunlogin and Awesun. |
7.3.23 |
SYS01stealer | Malware | Stealer | We have seen SYS01 stealer attacking critical government infrastructure employees, manufacturing companies, and other industries. |
7.3.23 |
CrimsonRat | Malware | RAT | CrimsonRAT is a remote access Trojan used to take remote control of infected systems and steal data. We know this particular RAT is used by the Transparent Tribe APT group. |
7.3.23 |
CapraRAT | Malware | RAT | Most likely active since July 2022, the campaign has distributed CapraRAT backdoors through at least two similar websites, while representing them as untainted versions of those secure messaging apps. |
6.3.23 |
ZuoRAT | Malware | RAT | According to Black Lotus Labs, ZuoRAT is a MIPS file compiled for SOHO routers that can enumerate a host and internal LAN, capture packets being transmitted over the infected device and perform person-in-the-middle attacks (DNS and HTTPS hijacking based on predefined rules). |
6.3.23 |
Malware | RAT | Just nine months after discovering ZuoRAT – a novel malware targeting small office/home office (SOHO) routers – Lumen Black Lotus Labs® | |
4.3.23 |
ATMii | Malware | ATM Malware | While some criminals blow up ATMs to steal cash, others use less destructive methods, such as infecting the ATM with malware and then stealing the money. |
4.3.23 |
Skimer | Malware | ATM Malware | Backdoor: Win32/Hesetox.A: vSkimmer POS Malware Analysis |
4.3.23 |
ATMitch | Malware | ATM Malware | A look at the ATM/PoS malware landscape from 2017-2019 |
4.3.23 |
Alice | Malware | ATM Malware | The following table summarizes the properties of various ATM malware families that we have encountered. |
4.3.23 |
RIPPER | Malware | ATM Malware | Cashing in on ATM Malware: A Comprehensive Look at Various Attack Types |
4.3.23 |
GreenDispenser | Malware | ATM Malware | On the heels of recent disclosures of ATM malware such as Suceful [1], Plotus [2] and Padpin [3] (aka Tyupkin), Proofpoint research has discovered yet another variant of ATM malware, which we have dubbed GreenDispenser. |
4.3.23 |
SUCEFUL | Malware | ATM Malware | If you answered ‘c’ you might be correct! FireEye Labs discovered a new piece of ATM malware (4BDD67FF852C221112337FECD0681EAC) that we detect as Backdoor.ATM.Suceful |
4.3.23 |
Prilex | Malware | ATM Malware | Prilex is a Brazilian threat actor that has evolved out of ATM-focused malware into modular point-of-sale malware. |
4.3.23 |
Ploutus | Malware | ATM Malware | Ploutus, one of the most sophisticated ATM malware families worldwide, is back with a new variant focused on Latin America. |
4.3.23 |
FiXS | Malware | ATM Malware | ATMs are a core part of the financial system, providing users access to their money anytime at different physical locations. |
3.3.23 |
MQsTTang | Malware | Backdoor | Mustang Panda is known for its customized Korplug variants (also dubbed PlugX) and elaborate loading chains. In a departure from the group’s usual tactics, MQsTTang has only a single stage and doesn’t use any obfuscation techniques. |
2.3.23 |
Linux |
Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users |
||
2.3.23 |
RAT |
HyperBro is a RAT that has been observed to target primarily within the gambling industries, though it has been spotted in other places as well. |
||
2.3.23 |
Sideloader used by EmissaryPanda |
|||
2.3.23 | GootLoader | Malware | Malware | Gootloader Malware Leads to Cobalt Strike and Hand-on-Keyboard Activity |
2.3.23 | FAKEUPDATES | Malware | Malware | FAKEUPDATES is a downloader written in JavaScript that communicates via HTTP. Supported payload types include executables and JavaScript. It writes the payloads to disk prior to launching them. |
1.3.23 | BlackLotus | Malware | UEFI bootkit | The first in-the-wild UEFI bootkit bypassing UEFI Secure Boot on fully updated UEFI systems is now a reality. |
28.2.23 |
BitRAT | Malware | RAT | According to Bitdefender, BitRAT is a notorious remote access trojan (RAT) marketed on underground cybercriminal web markets and forums. Its price tag of $20 for lifetime access makes it irresistible to cybercriminals and helps the malicious payload spread. |
27.2.23 |
VHD malware |
A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk (VHD) files, marking a deviation from the ISO optical disc image format. |
||
27.2.23 |
Stealer |
According to Zscaler, PureCrypter is a fully-featured loader being sold since at least March 2021. |
||
27.2.23 |
RAT |
RSA describes PlugX as a RAT (Remote Access Trojan) malware family that has been around since 2008 and is used as a backdoor to fully control the victim's machine. Once the device is infected, an attacker can remotely execute several kinds of commands on the affected system. |
||
27.2.23 |
Crypto-mining tool |
Evasive cryptojacking malware targeting macOS found lurking in pirated applications. |
||
23.2.23 |
Backdoor |
Atharvan is so-named because when the malware is run, it creates a mutex named: "SAPTARISHI-ATHARVAN-101" to ensure that only one copy is running. |
||
23.2.23 |
RAT |
New Ransomware Groups On The Rise: “RedAlert,” LILITH And 0mega Leading A Wave Of Ransomware Campaigns |
||
23.2.23 |
WM virus |
Under the hood of Wslink’s multilayered virtual machine |
||
23.2.23 |
Stealer |
S1deload Stealer relies on DLL sideloading techniques to run its malicious components. It uses a legitimate, digitally-signed executable that inadvertently loads malicious code if clicked. |
||
21.2.23 |
Stealc | Malware | Stealer | Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 1 |
21.2.23 |
ReverseRAT | Malware | RAT | APT SideCopy Targeting Indian Government Entities - Analysis of the new version of ReverseRAT |
18.2.23 |
WhiskerSpy | Malware | Backdoor | Security researchers have discovered a new backdoor called WhiskerSpy used in a campaign from a relatively new advanced threat actor tracked as Earth Kitsune, known for targeting individuals showing an interest in North Korea. |
18.2.23 |
RambleOn | Malware | Android | The malware has multiple stages, payloads and exfiltrates data from the Android device continually. Below, we describe in simple steps how the malware executes and compromises its victims. |
18.2.23 |
OxtaRAT | Malware | RAT | Operation Silent Watch: Desktop Surveillance in Azerbaijan and Armenia |
18.2.23 |
FatalRat |
RAT |
'Purple Fox' Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks | |
15.2.23 | M2RAT | Malware | RAT | The RedEyes group is known to steal personal PC information as well as mobile phone data targeting specific individuals, not companies. The main characteristics of this RedEyes group attack case are the use of the Hangul EPS vulnerability and the spread of malicious code using the steganography technique. |
15.2.23 | GOLDBACKDOOR | Malware | Backdoor | Stairwell assesses with medium-high confidence that GOLDBACKDOOR is the successor of, or used in parallel with, the malware BLUELIGHT, attributed to APT37 / Ricochet Chollima. This assessment is based on technical overlaps between the two malware families and the impersonation of NK News, a South Korean news site focused on the DPR |
15.2.23 | Beep | Malware | Dropper | Once we dug into this sample, we observed the use of a significant amount of evasion techniques. It seemed as if the authors of this malware were trying to implement as many anti-debugging and anti-VM (anti-sandbox) techniques as they could find. One such technique involved delaying execution through the use of the Beep API function, hence the malware’s name. |
14.2.23 | ShadowPad | Malware | Malware | Tracking the entire iceberg: long-term APT malware C2 protocol emulation and scanning |
14.2.23 | QUICKMUTE | Malware | Malware | QuickMute is a malware developed using the C/C++ programming language. Functionally, it provides download, RC4 decryption, and in-memory launch of the payload (expecting a PE file with the export function "HttpsVictimMain"). To communicate with the management server, a number of protocols are supported, in particular TCP, UDP, HTTP and HTTPS. |
14.2.23 | Clipper | Malware | Android | First clipper malware discovered on Google Play |
14.2.23 | Rhadamanthys | Malware | Stealer | Rhadamanthys is a stealer trojan that is written in C++ and was compiled on 2022-08-22; according to the information received from the hacker, the stealer is still under development. |
12.2.23 | VectorStealer | Malware | Stealer | Information stealers are malware designed to steal sensitive information from infected computers, such as login credentials, financial data, and personal information |
12.2.23 | Enigma Stealer | Malware | Stealer | We discovered an active campaign targeting Eastern Europeans in the cryptocurrency industry using fake job lures. |
11.2.23 | BumbleBee | Malware | Malware | This malware is delivered by an ISO file, with a DLL inside with a custom loader. Because of the unique user-agent "bumblebee" this malware was dubbed BUMBLEBEE. At the time of analysis by Google's Threat Analysis Group (TAG), BumbleBee was observed to fetch Cobalt Strike payloads. |
11.2.23 | Anchor | Malware | Backdoor | Anchor is a sophisticated backdoor served as a module to a subset of TrickBot installations. Operating since August 2018, it is not delivered to everybody, but is instead delivered only to high-profile targets. Since its C2 communication scheme is very similar to the one implemented in the early TrickBot, multiple experts believe it could be attributed to the same authors. |
11.2.23 | BazarBackdoor | Malware | Backdoor | BazarBackdoor is a small backdoor, probably by a TrickBot "spin-off" like Anchor. It's called team9 backdoor (and the corresponding loader: team9 restart loader). |
11.2.23 | Diavol | Malware | Ransomware | A ransomware with potential ties to Wizard Spider. |
11.2.23 | Cl0p ELF Variant Files Decryptor | Malware | Anti-Ransom Tool | Python3 script which decrypts files encrypted by flawed Cl0p ELF variant. |
11.2.23 | Ghost RAT | Malware | RAT | According to Security Ninja, Gh0st RAT (Remote Access Terminal) is a trojan “Remote Access Tool” used on Windows platforms, and has been used to hack into some of the most sensitive computer networks on Earth. |
11.2.23 | Formbook | Malware | Crypter | FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware. |
11.2.23 | CloudEyE | Malware | RAT | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is XORed. |
11.2.23 | PixPirate | Malware | Banking Malware | That said, on top of this evolution, one of the most crucial elements which has been disrupting the current state of the art of anti-fraud departments is Instant Payments. |
9.2.23 | NewsPenguin | Malware | Advanced Espionage Tool | A previously unknown threat actor is targeting organizations in Pakistan using a complex payload delivery mechanism. The threat actor abuses the upcoming Pakistan International Maritime Expo & Conference (PIMEC-2023) as a lure to trick their victims. |
9.2.23 | GootLoader | Malware | Malware | THREAT ALERT: GootLoader - SEO Poisoning and Large Payloads Leading to Compromise |
8.2.23 | GraphSteel | Malware | Military Malware | This malware was seen during the cyberattacks on Ukrainian state organizations. It is one of two used backdoors written in Go and attributed to UAC-0056 (SaintBear, UNC2589, TA471). |
8.2.23 | GrimPlant | Malware | Military Malware | This malware was seen during the cyberattacks on Ukrainian state organizations. It is one of two used backdoors written in Go and attributed to UAC-0056 (SaintBear, UNC2589, TA471). |
8.2.23 | Graphiron | Malware | Military Malware | Russia-linked Nodaria group has deployed a new threat designed to steal a wide range of information from infected computers. |
8.2.23 | Remcos | Malware | RAT | Remcos (acronym of Remote Control & Surveillance Software) is a Remote Access Software used to remotely control computers. Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. Remcos can be used for surveillance and penetration testing purposes, and in some instances has been used in hacking campaigns. |
7.2.23 | | | Backdoor | We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers. |
4.2.23 | | | PoS Malware | Prilex is a singular threat actor that has evolved from ATM-focused malware into unique modular PoS malware—actually, the most advanced PoS threat we have seen so far, |
4.2.23 | | | Wiper | Industroyer is a malware framework considered to have been used in the cyberattack on Ukraine’s power grid on December 17, 2016. The attack cut a fifth of Kiev, the capital, off power for one hour. It is the first ever known malware specifically designed to attack electrical grids. |
4.2.23 | Industroyer 2 | Malware | Wiper | Overview of the Cyber Weapons Used in the Ukraine - Russia War |
4.2.23 | | | Wiper | A conflict in cyberspace is unfolding parallel to the conflict between Russia and Ukraine on the ground. Cyberattacks are being lobbed against both Russian and Ukrainian sides, with a new wiper directed against Russia joining the fray. |
4.2.23 | | | Wiper | There is no description at this point. |
4.2.23 | | | Wiper | According to SentinelLabs, HermeticWiper is a custom-written application with very few standard functions. It abuses a signed driver called "empntdrv.sys", which is associated with the legitimate software "EaseUS Partition Master", to enumerate the MBR and all partitions of all physical drives connected to the victim's Windows device and overwrite the first 512 bytes of every MBR and partition it can find, rendering them useless. |
3.2.23 | | | Wiper | CaddyWiper is another destructive malware believed to be deployed to target Ukraine. |
3.2.23 | | | | Cyber criminals increasingly rely on packers to carry out their malicious activities. The packer, also referred to as “Crypter” and “FUD” on hacking forums, makes it harder for antivirus programs to detect the malicious code. By using a packer, malicious actors can spread their malware more easily with fewer repercussions. |
3.2.23 | | | Stealer | The Uptycs threat research team recently discovered a campaign involving the Titan Stealer malware, which is being marketed and sold by a threat actor (TA) through a Telegram channel for cybercrime purposes. |
28.1.23 | | | | The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus. Their primary interest appears to be gathering intelligence related to foreign and security policy in the Eastern Europe and South Caucasus regions. |
28.1.23 | | | | From November 2017 to October 2018, we attributed 14 campaigns to the GC threat actors that used a specific MaaS provider (hereinafter “the Provider”) offered by a known individual (hereinafter “the Provider Operator”). |
28.1.23 | | | RAT | Orcus has been advertised as a Remote Administration Tool (RAT) since early 2016. It has all the features that would be expected from a RAT and probably more. |
28.1.23 | | | RAT | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation |
28.1.23 | | | RAT | CageyChameleon Malware is a VBS-based backdoor which has the capability to enumerate the list of running processes and check for the presence of several antivirus products. CageyChameleon will collect user host information, current system process information, etc. The collected information is sent back to the C2 server, and the backdoor continues to initiate requests to perform subsequent operations. |
27.1.23 | | | RAT | StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations |
27.1.23 | | | RAT | According to Securonix, this malware exhibits remote access trojan (RAT) behavior, allowing for control of and persistence on the affected host. |
22.1.23 | Wroba | Malware | Android | Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. |
20.1.23 | | | Linux malware | Suspected Chinese hackers exploited a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government and an African MSP with a new custom 'BOLDMOVE' Linux and Windows malware. |
20.1.23 | | | Military Malware | The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022. |
20.1.23 | | | Banking Malware | On July 23 a forum post appeared regarding a new Android banking trojan. The attached screenshots show that it is named ERMAC. |
20.1.23 | | | Banking Malware | Around May 2020 ThreatFabric analysts uncovered a new strain of banking malware dubbed BlackRock that looked pretty familiar. |
20.1.23 | | | RAT | We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa. |
17.1.23 | | | Stealer | Team Cymru’s S2 Research Team has blogged previously on the initial Raccoon stealer command and control methodology (Raccoon Stealer - An Insight into Victim “Gates”), which utilized “gate” IP addresses to proxy victim traffic / data to static threat actor-controlled infrastructure. |
17.1.23 | | | Military Malware | Hive solves a critical problem for the malware operators at the CIA. |
14.1.23 | | | SpyMalware | EyeSpy - Iranian Spyware Delivered in VPN Installers |
14.1.23 | | | RAT | Let’s take a look at a recent sample of the Java-based malware known as STRRAT. |
14.1.23 | | | Stealer | information stealer dubbed StrelaStealer that's spread as a DLL/HTML polyglot. |
10.1.23 | | | Android Backdoor | This StrongPity backdoor has various spying features: its 11 dynamically triggered modules are responsible for recording phone calls, collecting SMS messages, lists of call logs, contact lists, and much more. |
9.1.23 | | | Crypto Malware | Kinsing is a known malware that targets Linux environments for cryptocurrency purposes. Kinsing uses some unique techniques that target containerized environments, making it also common in Kubernetes clusters. The evolving behavior of Kinsing has been analyzed in several different blog posts. |
9.1.23 | | | PyPI malware | In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems. |
9.1.23 | | | Military Malware | UNC4210 re-registered at least three expired ANDROMEDA command-and-control (C2) domains and began profiling victims to selectively deploy KOPILUWAK and QUIETCANARY in September 2022 |
9.1.23 | | | Rootkit | We analyzed the infection routine used in recent Gootkit loader attacks on the Australian healthcare industry and found that Gootkit leveraged SEO poisoning for its initial access and abused legitimate tools like VLC Media Player. |
9.1.23 | | | MacOS malware | Originally, this post claimed that Dridex had returned. However, further research and analysis has led us to believe that the initial conclusion was incorrect. |
9.1.23 | | | RAT | A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT. |
9.1.23 | | | Malware | Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. |
9.1.23 | | | Android RAT | Android Spyware is one of the most common kinds of malware used by attackers to gain access to personal data and carry out fraud operations. |
9.1.23 | | | Stealer | Vidar Malware is one of the active Infostealers, and its distribution has been significantly increasing. Its characteristics include the use of famous platforms such as Telegram and Mastodon as an intermediary C2. |
9.1.23 | | | Malware Linux | The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. |
9.1.23 | | | Worm | Recent attacks documented in previous months seem to be orchestrated by hacking groups using a framework called Raspberry Robin. |
9.1.23 | | | Backdoor Linux | is a trojan application for 32-bit and 64-bit Linux operating systems that targets x86-compatible devices. |
9.1.23 | | | Backdoor Linux | is a trojan application for 32-bit and 64-bit Linux operating systems that targets x86-compatible devices. The backdoor is written in the Go (Golang) programming language and executes attackers’ commands. |