WOKMALWARE
DATE | NAME | CATEGORY | SUBC | info |
27.9.24 | DCRat | MALWARE | RAT | DCRat Targets Users with HTML Smuggling |
27.9.24 | FPSpy | MALWARE | BACKDOOR | Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy |
27.9.24 | KLogEXE | MALWARE | KEYLOGGER | Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy |
25.9.24 | Taliban Stealer | MALWARE | Stealer | Cyfirma researchers have discovered a website promoting a tool called 'Taliban Stealer'. Once executed, this stealer prompts the user to select what data to collect from the machine, such as passwords, cookies, or cryptocurrency wallets. |
25.9.24 | Rage Stealer | MALWARE | Stealer | A Comprehensive Analysis of Angry Stealer : Rage Stealer in a New Disguise |
25.9.24 | X-FILES Stealer | MALWARE | Stealer | X-FILES Stealer: Advanced malware with sophisticated features and ongoing enhancements |
25.9.24 | QWERTY Stealer | MALWARE | Stealer | QWERTY is a newly discovered infostealer variant observed being hosted on a Linux-based virtual private server located in Germany with limited service exposure. |
25.9.24 | Yet Another Silly Stealer (YASS) | MALWARE | Stealer | There's Something About CryptBot: Yet Another Silly Stealer (YASS) |
25.9.24 | POWERSHELL KEYLOGGER | MALWARE | Keylogger | At CYFIRMA, we are dedicated to delivering timely insights into emerging threats and malicious tactics that pose risks to both organizations and individuals. This report offers an analysis of a newly identified keylogger that operates via a PowerShell script. |
25.9.24 | Poseidon | MALWARE | Stealer | Poseidon Stealer Uses Sora AI Lure to Infect macOS |
25.9.24 | Luxy | MALWARE | Stealer | Luxy: A Stealer and a Ransomware in one |
25.9.24 | Gomorrah | MALWARE | Stealer | Gomorrah Stealer v5.1: An In-Depth Analysis of a .NET-Based Malware |
25.9.24 | Emansrepo | MALWARE | Stealer | In August 2024, FortiGuard Labs observed a Python infostealer we call Emansrepo that is distributed via emails that include fake purchase orders and invoices. |
25.9.24 | BLX (aka XLABB) | MALWARE | Stealer | BLX Stealer, also known as XLABB Stealer, is a malware variant initially discovered last year. New activity attributed to this infostealer has been observed in the wild. |
25.9.24 | RomCom RAT | MALWARE | RAT | Security Brief: Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware |
25.9.24 | Splinter | MALWARE | Tool Exploit | Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool |
25.9.24 | SpAIware | MALWARE | Spyware AI | Spyware Injection Into Your ChatGPT's Long-Term Memory (SpAIware) |
24.9.24 | Octo2 | MALWARE | Android | Octo2: European Banks Already Under Attack by New Malware Variant |
24.9.24 | Necro | MALWARE | TROJAN | How the Necro Trojan infiltrated Google Play, again |
23.9.24 | PondRAT | MALWARE | RAT | Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors |
19.9.24 | SambaSpy | MALWARE | RAT | Exotic SambaSpy is now dancing with Italian users |
18.9.24 | MISTPEN | MALWARE | Backdoor | An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader |
17.9.24 | RustDoor | MALWARE | CRYPTOCURRENCY | North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware |
14.9.24 | TrickMo | MALWARE | Banking | A new TrickMo saga: from Banking Trojan to Victim's Data Leak |
14.9.24 | Hadooken | MALWARE | Linux | Hadooken Malware Targets Weblogic Applications |
13.9.24 | Ajina.Banker | MALWARE | Banking | Ajina attacks Central Asia: Story of an Uzbek Android Pandemic |
13.9.24 | MALWARE | TV | Void captures over a million Android TV boxes | |
13.9.24 | Spearal | MALWARE | ISS Backdoor | Targeted Iranian Attacks Against Iraqi Government Infrastructure |
13.9.24 | Veaty | MALWARE | ISS Backdoor | Targeted Iranian Attacks Against Iraqi Government Infrastructure |
9.9.24 | WhisperGate | MALWARE | Wrapper | WhisperGate is a multi-stage wiper designed to look like ransomware that has been used against multiple government, non-profit, and information technology organizations in Ukraine since at least January 2022. |
9.9.24 | Android SpyAgent | MALWARE | Android | New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition |
9.9.24 | Loki | MALWARE | Backdoor | Loki: a new private agent for the popular Mythic framework |
9.9.24 | TIDRONE | MALWARE | Military Malware | TIDRONE Targets Military and Satellite Industries in Taiwan |
8.9.24 | COVERTCATCH | MALWARE | Python | North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams |
5.9.24 | KTLVdoor | MALWARE | Backdoor | Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion |
5.9.24 | WikiLoader | MALWARE | Loader | Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant |
5.9.24 | Rocinante | MALWARE | Trojan | Rocinante: The trojan horse that wanted to fly |
30.8.24 | Masquerades | MALWARE | Backdoor | Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool |
30.8.24 | noMu Backdoor | MALWARE | Backdoor | APT Attack Case Analysis Report Using noMu Backdoor |
28.8.24 | HZ Rat | MALWARE | MacOS | HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat |
26.8.24 | NGate | MALWARE | Android | NGate Android malware relays NFC traffic to steal cash |
25.8.24 | sedexp | MALWARE | Linux | Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules |
24.8.24 | PEAKLIGHT | MALWARE | Downloader | PEAKLIGHT: Decoding the Stealthy Memory-Only Malware |
23.8.24 | Cthulhu | MALWARE | MacOS | From the Depths: Analyzing the Cthulhu Stealer Malware for macOS |
23.8.24 | FM11RF08S | MALWARE | Backdoor | MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors |
22.8.24 | PG_MEM | MALWARE | CRYPTOCURRENCY | PG_MEM: A Malware Hidden in the Postgres Processes |
21.8.24 | MoonPeak | MALWARE | RAT | MoonPeak malware from North Korean actors unveils new details on attacker infrastructure |
21.8.24 | Styx | MALWARE | Stealer | Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove |
21.8.24 | TodoSwift | MALWARE | MacOS | TodoSwift Disguises Malware Download Behind Bitcoin PDF |
21.8.24 | CharmingCypress | MALWARE | Families | CharmingCypress: Innovating Persistence |
21.8.24 | UULoader | MALWARE | Loader | Meet UULoader: An Emerging and Evasive Malicious Installer. |
21.8.24 | NUMOZYLOD | MALWARE | Maas | Finding Malware: Unveiling NUMOZYLOD with Google Security Operations |
16.8.24 | SharpRhino | MALWARE | RAT | SharpRhino – New Hunters International RAT Identified by Quorum Cyber |
16.8.24 | ValleyRAT | MALWARE | RAT | A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers |
16.8.24 | Cuckoo | MALWARE | MacOS | Update: Cuckoo Malware Evolves |
16.8.24 | BANSHEE | MALWARE | MacOS | Beyond the wail: deconstructing the BANSHEE infostealer |
7.8.24 | GoGra | MALWARE | Backdoor | Cloud Cover: How Malicious Actors Are Leveraging Cloud Services |
7.8.24 | Chameleon | MALWARE | Mobile Trojan | Chameleon is back in Canada and Europe |
6.8.24 | LianSpy | MALWARE | Android | LianSpy: new Android spyware targeting Russian users |
5.8.24 | STRRAT | MALWARE | RAT | Bloody Wolf strikes organizations in Kazakhstan with STRRAT commercial malware |
5.8.24 | BlankBot | MALWARE | Android Banking | BlankBot - a new Android banking trojan with screen recording, keylogging and remote control capabilities |
5.8.24 | StormBamboo | MALWARE | Backdoor | StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms |
3.8.24 | BITSLOTH | MALWARE | Backdoor | BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor |
2.8.24 | BingoMod | MALWARE | RAT | BingoMod: The new android RAT that steals money and wipes data |
2.8.24 | RAT | A trojan for Linux with a wide range of functions and the ability to be remotely controlled via a Telegram bot. The source code is written in Go and encrypted with RSA. | ||
2.8.24 | RAT | At the first stage, the dropper checks the parameters (arguments) used for its launch: this impacts the intermediate persistence stage. If there are input arguments, the add_payload stage begins (named after the function that performs it). | ||
2.8.24 | SMS | Unmasking the SMS Stealer: Targeting Several Countries with Deceptive Apps | ||
2.8.24 | Spyware | Mandrake spyware sneaks onto Google Play again, flying under the radar for two years | ||
2.8.24 | Loader | Phishing targeting Polish SMBs continues via ModiLoader | ||
27.7.24 | ExelaStealer | MALWARE | Stealer | Some simple PowerShell scripts might deliver nasty content if executed by the target. I found a very simple one (with a low VT score of 8/65): |
27.7.24 | Handala’s Wiper | MALWARE | Wiper | CrowdStrike’s Falcon agent caused downtime for millions of computers across the globe beginning July 19. This event caused panic and chaos, which threat actors quickly latched onto to gain an edge over defenders. |
25.7.24 | ACR Stealer | MALWARE | Stealer | ACR Stealer is an information stealer advertised by a threat actor operating under the pseudonym SheldIO, on Russian-speaking cybercrime forums. It is sold as a Malware-as-a-Service (MaaS) since March 2024. |
24.7.24 | macOS | Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma | ||
24.7.24 | FrostyGoop | MALWARE | ICS | Impact of FrostyGoop ICS Malware on Connected OT Systems |
23.7.24 | SocGholish | MALWARE | Downloader | Fake Browser Updates Lead to BOINC Volunteer Computing Software |
20.7.24 | AuKill | MALWARE | Tool | ‘AuKill’ EDR killer malware abuses Process Explorer driver |
20.7.24 | BUGSLEEP | MALWARE | Backdoor | BugSleep is a backdoor designed to execute the threat actors’ commands and transfer files between the compromised machine and the C&C server. |
19.7.24 | Demodex | MALWARE | Rootkit | A Comprehensive Look at the Updated Infection Chain of Ghost Emperor’s Demodex Rootkit. |
19.7.24 | OilAlpha | MALWARE | Mobile App | OilAlpha Malicious Applications Target Humanitarian Aid Groups Operating in Yemen |
18.7.24 | HotPage | MALWARE | Adware | HotPage: Story of a signed, vulnerable, ad-injecting driver |
18.7.24 | BeaverTail | MALWARE | Stealer | North Korean Hackers Update BeaverTail Malware to Target MacOS Users |
16.7.24 | BUGSLEEP | MALWARE | Backdoor | NEW BUGSLEEP BACKDOOR DEPLOYED IN RECENT MUDDYWATER CAMPAIGNS |
15.7.24 | SYS01 Stealer | MALWARE | Stealer | How SYS01 Stealer Will Get Your Sensitive Facebook Info |
13.7.24 | DarkGate | MALWARE | RAT | DarkGate: Dancing the Samba With Alluring Excel Files |
11.7.24 | DodgeBox | MALWARE | Loader | DodgeBox: A deep dive into the updated arsenal of APT41 | Part 1 |
11.7.24 | Poco RAT | MALWARE | RAT | New Malware Campaign Targeting Spanish Language Victims |
10.7.24 | ViperSoftX | MALWARE | Python | The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution |
9.7.24 | GuardZoo | MALWARE | Android | Lookout Discovers Houthi Surveillanceware Targeting Middle Eastern Militaries |
8.7.24 | StrelaStealer | MALWARE | Stealer | StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe |
8.7.24 | Satanstealer | MALWARE | Stealer | Satanstealer is a new open source infostealing malware shared on GitHub. The malware collects and exfiltrates various types of information such as browser cookies, passwords, registered phone numbers, and email client details. |
8.7.24 | Poseidon | MALWARE | Stealer | ‘Poseidon’ Mac stealer distributed via Google ads |
8.7.24 | 0bj3ctivity | MALWARE | Stealer | 0bj3ctivity is an infostealer variant first observed last year in campaigns targeting Italy. A new campaign delivering this malware yet again to Italian users has been reported by CERT-AGID. |
8.7.24 | Neptune Stealer | MALWARE | Stealer | A new malware strain dubbed Neptune Stealer has been uncovered by researchers. This malware quietly infiltrates systems to extract passwords and financial data, operating discreetly and customizing itself to evade detection. |
8.7.24 | Kematian Stealer | MALWARE | Stealer | Kematian-Stealer : A Deep Dive into a New Information Stealer |
8.7.24 | Mekotio | MALWARE | Banking | Mekotio Banking Trojan Threatens Financial Systems in Latin America |
5.7.24 | GootLoader | MALWARE | Loader | GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks |
4.7.24 | MerkSpy | MALWARE | Spyware | MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems |
3.7.24 | SmokeLoader, part 2 | MALWARE | Loader | A Brief History of SmokeLoader, Part 2 |
3.7.24 | SmokeLoader, part 1 | MALWARE | Loader | A Brief History of SmokeLoader, Part 1 |
3.7.24 | FakeBat loader | MALWARE | Loader | Exposing FakeBat loader: distribution methods and adversary infrastructure |
3.7.24 | HappyDoor | MALWARE | Backdoor | Kimsuky Group's New Backdoor Appears (HappyDoor) |
3.7.24 | Xctdoor | MALWARE | Backdoor | Xctdoor Malware Used in Attacks Against Korean Companies (Andariel) |
1.7.24 | CapraTube | MALWARE | Android | CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts |
1.7.24 | Snowblind | MALWARE | Android | Beware of Snowblind: A new Android malware |
20.6.24 | SquidLoader | MALWARE | Loader | LevelBlue Labs Discovers Highly Evasive, New Loader Targeting Chinese Organizations |
18.6.24 | Hijack Loader | MALWARE | Loader | Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion |
17.6.24 | COATHANGER | MALWARE | RAT | Ministry of Defence of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT |
17.6.24 | BadSpace | MALWARE | Backdoor | Backdoor BadSpace delivered by high-ranking infected websites |
17.6.24 | NiceRAT | MALWARE | RAT | Botnet Installing NiceRAT Malware |
15.6.24 | DISGOMOJI | MALWARE | Linux | DISGOMOJI Malware Used to Target Indian Government |
15.6.24 | Grandoreiro | MALWARE | Banking | Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale |
14.6.24 | Script RAT | MALWARE | RAT | In Bad Company: JScript RAT and CobaltStrike |
14.6.24 | SSLoad Malware | MALWARE | Loader | Dissecting SSLoad Malware: A Comprehensive Technical Analysis |
13.6.24 | Noodle RAT | MALWARE | RAT | Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups |
13.6.24 | WARMCOOKIE | MALWARE | Backdoor | Dipping into Danger: The WARMCOOKIE backdoor |
12.6.24 | ValleyRAT | MALWARE | RAT | Technical Analysis of the Latest Variant of ValleyRAT |
11.6.24 | More_eggs | MALWARE | Backdoor | More_eggs Activity Persists Via Fake Job Applicant Lures |
7.6.24 | Stealer | SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign | ||
7.6.24 | Trojan | Muhstik Malware Targets Message Queuing Services Applications | ||
6.6.24 | App | BoxedApp products are general packers built on top of its SDK, which provides the ability to create Virtual Storage (Virtual File System, Virtual Registry), Virtual Processes, and a universal instrumentation system (WIN/NT API hooking). | ||
6.6.24 | Stealer | Russia-linked 'Lumma' crypto stealer now targets Python devs | ||
5.6.24 | RAT | During 2023, DarkGate made a comeback with a version full of new features, becoming one of the most preferred Remote Access Trojans (RATs) by malicious actors. | ||
3.6.24 | Stealer | Fake Browser Updates delivering BitRAT and Lumma Stealer | ||
3.6.24 | RAT | Fake Browser Updates delivering BitRAT and Lumma Stealer | ||
30.5.24 | AhMyth | Malware | Android | AhMyth is malware that spreads through a few different infection vectors and uses various means to collect and exfiltrate sensitive information from infected devices. |
30.5.24 | RedTail | Malware | Cryptocurrency | RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit |
30.5.24 | PyPI crypto-stealer | Malware | Python | PyPI crypto-stealer targets Windows users, revives malware campaign |
29.5.24 | AllaSenha | Malware | RAT | ALLASENHA: ALLAKORE VARIANT LEVERAGES AZURE CLOUD C2 TO STEAL BANKING DETAILS IN LATIN AMERICA |
25.5.24 | RAT | BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad. | ||
25.5.24 | RAT | Malware Transmutation! - Unveiling the Hidden Traces of BloodAlchemy | ||
22.5.24 | SolarMarker | Malware | InfoStealer | Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware |
21.5.24 | No-Justice | Malware | Wiper | No-Justice Wiper - Wiper attack on Albania by Iranian APT |
21.5.24 | Cl Wiper | Malware | Wiper | Iranian State Actors Conduct Cyber Operations Against the Government of Albania |
20.5.24 | LATRODECTUS | Malware | Loader | The LATRODECTUS loader evolves to deliver ICEDID and other malware |
20.5.24 | Grandoreiro | Malware | Banking | Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns |
18.5.24 | SugarGh0st RAT | Malware | RAT | Artificial Sweetener: SugarGh0st RAT Used to Target American Artificial Intelligence Experts |
18.5.24 | Springtail | Malware | Backdoor | More than one legitimate software package was modified to deliver malware in North Korean group’s recent campaign against South Korean organizations. |
16.5.24 | LunarMail | Malware | APT | ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs |
16.5.24 | LunarWeb | Malware | APT | ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs |
11.5.24 | zEus | Malware | Stealer | zEus Stealer Distributed via Crafted Minecraft Source Pack |
10.5.24 | Coper | Malware | Android | Coper is a descendant of ExoBotCompat, which was a rewritten version of Exobot. |
8.5.24 | Loader | HijackLoader (a.k.a. IDAT Loader) is a malware loader initially spotted in 2023 that is capable of using a variety of modules for code injection and execution. | ||
7.5.24 | Stealer | Post-infection traffic triggers signatures for Win32/MetaStealer Related Activity from the EmergingThreats Pro (ETPRO) ruleset. | ||
7.5.24 | VBS | CharmingCypress: Innovating Persistence | ||
7.5.24 | Python | Technical Deep Dive: Understanding the Anatomy of a Cyber Intrusion | ||
6.5.24 | Apple | Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware | ||
3.5.24 | Trojan | The Black Lotus Labs team at Lumen Technologies is tracking a malware platform we’ve named Cuttlefish, that targets networking equipment, specifically enterprise-grade small office/home office (SOHO) routers. | ||
3.5.24 | Backdoor | Playing Possum: What's the Wpeeper Backdoor Up To? | ||
3.5.24 | Trojan | Graph: Growing number of threats leveraging Microsoft API | ||
1.5.24 | Trojan | Zloader Learns Old Tricks | ||
27.4.24 | Brokewell | Malware | Android | Brokewell: do not go broke from new banking malware! |
27.4.24 | Kaolin RAT | Malware | RAT | From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams |
25.4.24 | Pupy RAT | Malware | RAT | Analysis of Pupy RAT Used in Attacks Against Linux Systems |
25.4.24 | GuptiMiner | Malware | Cryptocurrency | GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining |
24.4.24 | CoralRaider | Malware | Stealer | Suspected CoralRaider continues to expand victimology using three information stealers |
22.4.24 | Redline Stealer | Malware | Stealer | A new packed variant of the Redline Stealer trojan was observed in the wild, leveraging Lua bytecode to perform malicious behavior. |
19.4.24 | Deuterbear | Malware | Loader | Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear |
19.4.24 | OfflRouter | Malware | VBA Macro | OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal |
19.4.24 | CR4T | Malware | Backdoor | CR4t Malware: A Shape-Shifting Threat — Threat Intelligence Report |
18.4.24 | SoumniBot | Malware | Android Banking | SoumniBot: the new Android banker’s unique techniques |
18.4.24 | MadMxShell | Malware | Backdoor | Malvertising campaign targeting IT teams with MadMxShell |
18.4.24 | Kapeka | Malware | Backdoor | Kapeka: A novel backdoor spotted in Eastern Europe |
15.4.24 | LightSpy | Malware | iOS | LightSpy Returns: Renewed Espionage Campaign Targets Southern Asia, Possibly India |
11.4.24 | FUD Engine | Analyzing the FUD Malware Obfuscation Engine BatCloak | ||
11.4.24 | RAT | eXotic Visit campaign: Tracing the footprints of Virtual Invaders | ||
10.4.24 | Smoke | Malware | Backdoor | Smoke and (screen) mirrors: A strange signed backdoor |
9.4.24 | ScrubCrypt | Malware | Crypto | ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins |
8.4.24 | Latrodectus | Malware | Downloader | Latrodectus: This Spider Bytes Like Ice |
8.4.24 | SecTopRAT | Malware | RAT | Bing ad for NordVPN leads to SecTopRAT |
5.4.24 | Rhadamanthys | Malware | Stealer | Rhadamanthys Malware Disguised as Groupware Installer (Detected by MDS) |
5.4.24 | JSOutProx | Malware | Tool | Resecurity has detected a new version of JSOutProx, targeting financial services and organizations in the APAC and MENA regions. JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET. |
5.4.24 | Byakugan | Malware | infostealer | Byakugan – The Malware Behind a Phishing Attack |
5.4.24 | VietCredCare | Malware | Stealer | Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses |
5.4.24 | AGENT TESLA | Malware | RAT | AGENT TESLA TARGETING UNITED STATES & AUSTRALIA: REVEALING THE ATTACKERS’ IDENTITIES |
5.4.24 | StrelaStealer | Malware | Stealer | SonicWall Capture Labs threat research team has observed an updated variant of StrelaStealer. |
5.4.24 | Sync-Scheduler | Malware | Stealer | This study provides a detailed overview of Sync-Scheduler, a potent malware written in C++ boasting defense evasion and anti-analysis capabilities. |
5.4.24 | Rhadamanthys | Malware | Stealer | Recently Updated Rhadamanthys Stealer Delivered in Federal Bureau of Transportation Campaign |
3.4.24 | Mispadu | Malware | Banking | Breaking Boundaries: Mispadu's Infiltration Beyond LATAM |
2.4.24 | XZ Backdoor | Malware | Backdoor | Everything I Know About the XZ Backdoor |
2.4.24 | UNAPIMON | Malware | Backdoor | Earth Freybug Uses UNAPIMON for Unhooking Critical APIs |
2.4.24 | VenomRAT | Malware | RAT | VenomRAT: A remote access tool with dangerous consequences |
1.4.24 | APP | Satori Threat Intelligence Alert: PROXYLIB and LumiApps Transform Mobile Devices into Proxy Nodes | ||
1.4.24 | Android | Android Malware Vultur Expands Its Wingspan | ||
31.3.24 | Vultur | Malware | Android | The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim’s mobile device. |
31.3.24 | Atomic Stealer | Malware | MacOS | Infostealers continue to pose threat to macOS users |
30.3.24 | TheMoon | Malware | Worm | Linksys Worm ("TheMoon") Captured |
30.3.24 | DinodasRAT | Malware | RAT | DinodasRAT Linux implant targeting entities worldwide |
28.3.24 | Agent Tesla | Malware | Loader | Agent Tesla's New Ride: The Rise of a Novel Loader |
27.3.24 | EvilOSX | Malware | osx | |
27.3.24 | Trochilus RAT | Malware | RAT | Trochilus is a C++ written RAT, which is available on GitHub. |
23.3.24 | QUARTERRIG | Malware | Dropper | Here, MUSKYBEAT refers to the in-memory dropper component, while STATICNOISE is the final payload / downloader. |
23.3.24 | BEATDROP | Malware | Dropper | According to Mandiant, BEATDROP is a downloader written in C that uses Atlassian's project management service Trello for C&C. |
23.3.24 | ROOTSAW | Malware | Spy | Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations |
23.3.24 | WINELOADER | Malware | Loader | APT29 Uses WINELOADER to Target German Political Parties |
22.3.24 | Sign1 Malware | Malware | JavaScript | Sign1 Malware: Analysis, Campaign History & Indicators of Compromise |
22.3.24 | Revenge RAT | Malware | RAT | Revenge RAT via malicious PPAM in Latin America, Portugal and Spain |
22.3.24 | AceCryptor | Malware | RAT | Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries |
22.3.24 | Stealc | Malware | Loader | Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. |
22.3.24 | StrelaStealer | Malware | Stealer | StrelaStealer malware steals email login data from well-known email clients and sends them back to the attacker’s C2 server. |
22.3.24 | AcidRain | Malware | Wiper | A MIPS ELF binary with wiper functionality used against Viasat KA-SAT modems. |
22.3.24 | AcidPour | Malware | Wiper | AcidPour | New Embedded Wiper Variant of AcidRain Appears in Ukraine |
22.3.24 | AndroxGh0st | Malware | Android | AndroxGh0st is a Python-based malware designed to target Laravel applications. It works by scanning for .env files and extracting sensitive information from them, revealing login details linked to AWS and Twilio. |
20.3.24 | Crypter | According to Zscaler, PureCrypter is a fully-featured loader being sold since at least March 2021. The malware has been observed distributing a variety of remote access trojans and information stealers. | ||
20.3.24 | Loader | Unit 42 Collaborative Research With Ukraine’s Cyber Agency To Uncover the Smoke Loader Backdoor | ||
20.3.24 | Stealer | WhiteSnake Stealer: Unveiling the Latest Version – Less Obfuscated, More Dangerous | ||
20.3.24 | Stealer | The GlorySprout or a Failed Clone of Taurus Stealer | ||
20.3.24 | CoinMiner | CoinMiner (KONO DIO DA) Distributed to Linux SSH Servers | ||
20.3.24 | Wiper | A MIPS ELF binary with wiper functionality used against Viasat KA-SAT modems. | ||
20.3.24 | RAT | Enigma Software notes that NetSupport Manager is a genuine application, which was first released about twenty years ago. | ||
20.3.24 | RAT | APT37's ROKRAT HWP Object Linking and Embedding | ||
18.3.24 | Malware | Scalable Vector Graphics (SVG) files are a popular format for web graphics because they can be resized without losing quality. However, cybercriminals are now exploiting SVGs to deliver malware, posing a new threat to unsuspecting users. | ||
18.3.24 | Stealer | From Delivery To Execution: An Evasive Azorult Campaign Smuggled Through Google Sites | ||
18.3.24 | Stealer | PowerShell script | ||
18.3.24 | Stealer | The malware was used previously in campaigns from July through August, and September 2023 | ||
18.3.24 | JavaScript | The government computer emergency response team of Ukraine, CERT-UA, detected a malicious document "Nuclear Terrorism A Very Real Threat.rtf". Opening it leads to the download of an HTML file and the execution of JavaScript code (CVE-2022-30190), which downloads and launches the CredoMap malware. | ||
18.3.24 | Backdoor | X-Force’s analysis revealed that OCEANMAP has a strong overlap in both technique and .NET implementation. Several of the functions used in OCEANMAP were repurposed from the original CREDOMAP stealer and used as a base to build the new persistent backdoor. | ||
18.3.24 | Python | Compromised Routers Are Still Leveraged as Malicious Infrastructure to Target Government Organizations in Europe and the Caucasus | ||
17.3.24 | Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim’s sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. | ||
17.3.24 | Stealer | RisePro stealer targets Github users in “gitgub” campaign | ||
17.3.24 | Loader | Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled | ||
14.3.24 | Pelmeni Wrapper | Malware | Wrapper | Pelmeni Wrapper: New Wrapper of Kazuar (Turla Backdoor) |
14.3.24 | RedCurl | Malware | CyberSpy | Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence |
14.3.24 | zgRAT | Malware | RAT | zgRAT is a Remote Access Trojan that sometimes drops other malware such as AgentTesla. zgRAT also has an infostealer function that targets browser information and crypto wallets. |
14.3.24 | CyberGate | Malware | RAT | According to Subex Secure, CyberGate is a Remote Access Trojan (RAT) that allows an attacker to gain unauthorized access to the victim’s system. |
14.3.24 | Planet Stealer | Malware | Stealer | Planet Stealer is a recently identified infostealing malware variant. This Go-based malware has been advertised for sale on underground forums. |
14.3.24 | DBatLoader | Malware | Loader | Latest DBatLoader Uses Driver Module to Disable AV/EDR Software |
14.3.24 | Tweaks Stealer | Malware | Stealer | Tweaks Stealer Targets Roblox Users Through YouTube and Discord |
14.3.24 | Phemedrone Stealer | Malware | Stealer | Unveiling Phemedrone Stealer: Threat Analysis and Detections |
14.3.24 | Mispadu | Malware | Banking | According to ESET Research, Mispadu is an ambitious Latin American banking trojan that utilizes McDonald’s malvertising and extends its attack surface to web browsers. |
14.3.24 | DarkGate | Malware | Loader | First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. |
13.3.24 | PixPirate | Malware | Android | PixPirate: The Brazilian financial malware you can’t see |
13.3.24 | STRRAT | Malware | RAT | STRRAT is a Java-based RAT, which makes extensive use of plugins to provide full remote access to an attacker, as well as credential stealing, key logging and additional plugins. |
13.3.24 | VCURMS | Malware | Java | Recently, FortiGuard Labs uncovered a phishing campaign that entices users to download a malicious Java downloader with the intention of spreading new VCURMS and STRRAT remote access trojans (RAT). |
12.3.24 | BIPClip | Malware | PyPI | RL has discovered a campaign using PyPI packages posing as open-source libraries to steal BIP39 mnemonic phrases, which are used for wallet recovery. |
12.3.24 | CHAVECLOAK | Malware | Banking | FortiGuard Labs recently uncovered a threat actor employing a malicious PDF file to propagate the banking Trojan CHAVECLOAK. |
11.3.24 | BianDoor | Malware | Backdoor | |
7.3.24 | MgBot | Malware | Bot | My Tea’s not cold. An overview of China’s cyber threat |
7.3.24 | Snake | Malware | InfoStealer | In this Threat Analysis Report, Cybereason Security Services dives into the Python Infostealer, delivered via GitHub and GitLab, that ultimately exfiltrates credentials via Telegram Bot API or other well known platforms. |
7.3.24 | WogRAT | Malware | RAT | AhnLab Security Intelligence Center (ASEC) has recently discovered the distribution of backdoor malware via aNotepad, a free online notepad platform. Said malware supports both the PE format that targets the Windows system and the ELF format that targets the Linux system. |
7.3.24 | SpyNote | Malware | RAT | The malware has been released on github at https://github.com/EVLF/Cypher-Rat-Source-Code |
6.3.24 | OceanLotus | Malware | OSX | According to PcRisk, research shows that the OceanLotus 'backdoor' targets macOS computers. |
6.3.24 | TODDLERSHARK | Malware | VBS | TODDLERSHARK: ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant |
2.3.24 | Loader | GUloader Unmasked: Decrypting the Threat of Malicious SVG Files | ||
2.3.24 | RAT | The Art of Domain Deception: Bifrost's New Tactic to Deceive Users | ||
2.3.24 | Backdoor | GTPDOOR - A novel backdoor tailored for covert access over the roaming exchange | ||
2.3.24 | Loader | European diplomats targeted by SPIKEDWINE with WINELOADER | ||
1.3.24 | Backdoor | A custom backdoor written in C++ capable of file exfiltration and upload, command execution, and more. Communicates using Azure cloud infrastructure. | ||
1.3.24 | Backdoor | A custom backdoor that provides a more flexible code-execution interface and enhanced reconnaissance features compared to MINIBIKE | ||
1.3.24 | Backdoor | A tunneler, likely based on an open-source Socks4a proxy, that communicates using Azure cloud infrastructure | ||
28.2.24 | Stealer | Pony (also known as Fareit or Siplog) is a malware categorized as a loader and stealer, although it is also used as a botnet, being a tool that has been used for more than 10 years and is still in use. | ||
28.2.24 | Backdoor | New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group | ||
28.2.24 | Stealer | When Stealers Converge: New Variant of Atomic Stealer in the Wild | ||
28.2.24 | Banking | According to ESET Research, Mispadu is an ambitious Latin American banking trojan that utilizes McDonald’s malvertising and extends its attack surface to web browsers. | ||
28.2.24 | Linux | Modular malware framework targeting SOHO network devices | ||
28.2.24 | Loader | Compromised Routers Are Still Leveraged as Malicious Infrastructure to Target Government Organizations in Europe and the Caucasus | ||
28.2.24 | RAT | Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT’s Variant) | ||
27.2.24 | Loader | Unveiling UAC-0184: The Steganography Saga of the IDAT Loader Delivering Remcos RAT to a Ukraine Entity in Finland | ||
27.2.24 | Stealer | DarkVNC is a hidden utility based on the Virtual Network Computing (VNC) technology, initially promoted on an Exploit forum in 2016. | ||
27.2.24 | RAT | We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware. | ||
27.2.24 | Banking | Ousaban: LATAM Banking Malware Abusing Cloud Services | ||
27.2.24 | Banking | Tweet on recent Mekotio Banker campaign | ||
27.2.24 | Banking | First spotted in the wild in 2017, Astaroth is a highly prevalent, information-stealing Latin American banking trojan. It is written in Delphi and has some innovative execution and attack techniques. | ||
22.2.24 | Worm | SSH-Snake: New Self-Modifying Worm Threatens Networks | ||
22.2.24 | RAT | To Russia With Love: Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer | ||
21.2.24 | Stealer | Mustang Panda’s PlugX new variant targeting Taiwanese government and diplomats | ||
21.2.24 | Stealer | Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses | ||
21.2.24 | Miner | Migo - a Redis Miner with Novel System Weakening Techniques | ||
21.2.24 | Backdoor | Sysjoker is a backdoor malware that was first discovered in December 2021 by Intezer. | ||
21.2.24 | Wipper | According to Security Joes, this malware is an x64 ELF executable, lacking obfuscation or protective measures. It allows attackers to specify target folders and can potentially destroy an entire operating system if run with root permissions. | ||
19.2.24 | Android | Anatsa Trojan Returns: Targeting Europe and Expanding Its Reach | ||
19.2.24 | Backdoor | Through its managed security services offerings, Volexity routinely identifies spear-phishing campaigns targeting its customers. | ||
18.2.24 | Stealer | Raccoon Stealer v2 – Part 1: The return of the dead | ||
18.2.24 | Stealer | An info stealer is malicious software (malware) that seeks to steal private data from a compromised device, including passwords, cookies, autofill information from browsers, and cryptocurrency wallet information. | ||
17.2.24 | Backdoor | According to CERT-UA, this malware makes use of XSLT (Extensible Stylesheet Language Transformations) and COM-hijacking. | ||
17.2.24 | Backdoor | TinyTurla Next Generation - Turla APT spies on Polish NGOs | ||
17.2.24 | iOS | Group-IB uncovers the first iOS Trojan harvesting facial recognition data used for unauthorized access to bank accounts. The GoldDigger family grows | ||
17.2.24 | Loader | This malware is delivered by an ISO file, with a DLL inside with a custom loader. Because of the unique user-agent "bumblebee" this malware was dubbed BUMBLEBEE. | ||
17.2.24 | Loader | CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day | ||
17.2.24 | Bootkit | Diving Into Glupteba's UEFI Bootkit | ||
17.2.24 | Loader | Pikabot is a malware loader that originally emerged in early 2023. Over the past year, ThreatLabz has been tracking the development of Pikabot and its modus operandi. | ||
17.2.24 | Backdoor | Ivanti Connect Secure: Journey to the core of the DSLog backdoor | ||
17.2.24 | macOS | New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group | ||
12.2.24 | RAT | The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT. | ||
10.2.24 | Backdoor | New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group | ||
10.2.24 | Worm | RASPBERRY ROBIN KEEPS RIDING THE WAVE OF ENDLESS 1-DAYS | ||
9.2.24 | Android | MoqHao evolution: New variants start automatically right after installation | ||
9.2.24 | Banking | Coyote: A multi-stage banking Trojan abusing the Squirrel installer | ||
9.2.24 | Backdoor | New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization | ||
8.2.24 | Loader | HijackLoader Expands Techniques to Improve Defense Evasion | ||
8.2.24 | Stealer | Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer | ||
7.2.24 | Backdoor | According to Mandiant, this malware family is attributed to potential Chinese background and its Linux variant is related to exploitation of Fortinet's SSL-VPN (CVE-2022-42475). | ||
7.2.24 | ELF | According to Mandiant, this malware family is attributed to potential Chinese background and directly related to observed exploitation of Fortinet's SSL-VPN (CVE-2022-42475). There is also a Windows variant. | ||
7.2.24 | RAT | Successful exploitation of the flaw paved the way for the deployment of a backdoor dubbed COATHANGER from an actor-controlled server that's designed to grant persistent remote access to the compromised appliances. | ||
6.2.24 | Stealer | CrackedCantil: A Malware Symphony Breakdown | ||
6.2.24 | Stealer | Facebook Advertising Spreads Novel Malware Variant | ||
6.2.24 | Spyware | A Spyware Vendor Seemingly Made a Fake WhatsApp to Hack Targets | ||
6.2.24 | Android | Skygofree: Following in the footsteps of HackingTeam | ||
5.2.24 | RAT | ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group | ||
5.2.24 | Spyware | New spyware attacks exposed: civil society targeted in Jordan | ||
5.2.24 | Loader | This report aims to detail the functioning of a malware used by FIN7 since 2021, named DiceLoader (also known as Icebot), and to provide a comprehensive approach of the threat by detailing the related Techniques... | ||
5.2.24 | Stealer | CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign | ||
5.2.24 | Stealer | Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019 | ||
3.2.24 | Backdoor | ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware | ||
3.2.24 | Backdoor | Securonix Threat Research Security Advisory: Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor | ||
2.2.24 | Rootkit | We discuss proof-of-concept rootkits and malware used by cybercriminals in conjunction with Berkeley Packet Filtering (BPF), a piece of technology that allows programs to execute code in the operating systems of popular cloud-computing platforms. We also show how to detect such threats. | ||
2.2.24 | Backdoor | HeadCrab 2.0: Evolving Threat in Redis Malware Landscape | ||
1.2.24 | Python | Evolution of UNC4990: Uncovering USB Malware's Hidden Depths | ||
1.2.24 | Backdoor | Mandiant has observed UNC4990 leverage EMPTYSPACE (also known as VETTA Loader and BrokerLoader), a downloader that can execute any payload served by the command and control (C2) server, and QUIETBOARD, which is a backdoor that was delivered using EMPTYSPACE. | ||
1.2.24 | Loader | KRUSTYLOADER - RUST MALWARE LINKED TO IVANTI CONNECTSECURE COMPROMISES | ||
31.1.24 | Banking | Grandoreiro is one of the many Latin American banking trojans such as Javali, Melcoz, Casabeniero, Mekotio, and Vadokrist, primarily targeting countries like Spain, Mexico, Brazil, and Argentina. | ||
31.1.24 | Stealer | From Screen Captures to Crypto wallets: Analyzing the Multi-Faceted Threat of Rage Stealer | ||
31.1.24 | Stealer | RUSSIAN STEALER LOG AGGREGATOR RELEASES FULLY NATIVE INFOSTEALER | ||
31.1.24 | Trojan | Zloader: No Longer Silent in the Night | ||
29.1.24 | Backdoor | LODEINFO is a fileless malware that has been observed in campaigns that start with spear-phishing emails since December 2019. | ||
29.1.24 | Trojan | Inside the SYSTEMBC Command-and-Control Server | ||
29.1.24 | RAT | AllaKore is a simple Remote Access Tool written in Delphi, first observed in 2015 but still in early stages of development. | ||
29.1.24 | GO base | CherryLoader: A New Go-based Loader Discovered in Recent Intrusions | ||
29.1.24 | RAT | It is a backdoor commonly distributed as an encoded binary file downloaded and decrypted by shellcode following the exploitation of weaponized documents. | ||
29.1.24 | Cryptomining | Glupteba is a trojan horse malware that is one of the top ten malware variants of 2021. After infecting a system, the Glupteba malware can be used to deliver additional malware, steal user authentication information, and enroll the infected system in a cryptomining botnet. | ||
29.1.24 | Python | Info Stealing Packages Hidden in PyPI | ||
20.1.24 | VBS | Screentime: Sometimes It Feels Like Somebody's Watching Me | ||
19.1.24 | OSX | Jamf Threat Labs discovers new malware embedded in pirated applications | ||
18.1.24 | Android | CISA and FBI Release Known IOCs Associated with Androxgh0st Malware | ||
17.1.24 | RAT | Remcos RAT Being Distributed via Webhards | ||
16.1.24 | Stealer | CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign | ||
12.1.24 | Linux | Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services | ||
11.1.24 | OSX | Mac users targeted in new malvertising campaign delivering Atomic Stealer | ||
11.1.24 | Bot | You Had Me at Hi — Mirai-Based NoaBot Makes an Appearance | ||
10.1.24 | Loader | Introducing Pikabot, an emerging malware family that comprises a downloader/installer, a loader, and a core backdoor component. | ||
9.1.24 | Stealer | Deceptive Cracked Software Spreads Lumma Variant on YouTube | ||
9.1.24 | RAT | A GAMER TURNED MALWARE DEVELOPER : DIVING INTO SILVERRAT AND IT’S SYRIAN ROOTS | ||
6.1.24 | macOS | Today will be a quick post on a TA444 (aka Sapphire Sleet, BLUENOROFF, STARDUST CHOLLIMA) Macho family tracked as SpectralBlur we found in August, and how finding it led us to stumble upon an early iteration of KANDYKORN (aka SockRacket). Please read Elastic’s EXCELLENT piece on that family. | ||
6.1.24 | Wipper | Wiper attack on Albania by Iranian APT | ||
5.1.24 | RAT | Bandook - A Persistent Threat That Keeps Evolving | ||
5.1.24 | RAT | Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion | ||
3.1.24 | Stealer | WhiteSnake Stealer malware sample on MalwareBazaar | ||
3.1.24 | Stealer | RisePro is a stealer that is spread through downloaders like win.privateloader. Once executed on a system, the malware can steal credit card information, passwords, and personal data. | ||
1.1.24 | Stealer | On Christmas Eve, Resecurity's HUNTER (HUMINT) spotted that the author of perspective password stealer Meduza has released a new version (2.2). | ||
1.1.24 | Stealer | Jinx – Malware 2.0 We know it’s big, we measured it! |