WOKMALWARE 


HOME  Adware  Android  App  Apple  APT  Backdoor  Banking  Bootkit  Bot  CoinMiner  Crypto  Cryptomining  CyberSpy  Downloader  Dropper  ELF  FUD Engine  GO base  ICS  InfoStealer  iOS  Java  JavaScript  Keylogger  Loader  macOS  Macro  Mobil App  OSX  PyPI  Python  RAT  Rootkit  Spy  Spyware  Stealer  Tool  Trojan  VBA  VBS  Wipper  Worm


2024  2023  2022

DATE

NAME

CATEGORY

SUBC

info

27.9.24

DCRatMALWARERATDCRat Targets Users with HTML Smuggling

27.9.24

FPSpyMALWAREBACKDOORUnraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy

27.9.24

KLogEXE MALWAREKEYLOGGERUnraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy

25.9.24

Taliban StealerMALWAREStealerCyfirma researchers have discovered a website promoting a tool called 'Taliban Stealer'. Once executed, this stealer prompts the user to select what data to collect from the machine, such as passwords, cookies, or cryptocurrency wallets.

25.9.24

Rage StealerMALWAREStealerA Comprehensive Analysis of Angry Stealer : Rage Stealer in a New Disguise

25.9.24

X-FILES StealerMALWAREStealerX-FILES Stealer: Advanced malware with sophisticated features and ongoing enhancements

25.9.24

QWERTY StealerMALWAREStealerQWERTY is a newly discovered infostealer variant observed being hosted on a Linux-based virtual private server located in Germany with limited service exposure.

25.9.24

et Another Silly Stealer (YASS)MALWAREStealerThere's Something About CryptBot: Yet Another Silly Stealer (YASS)

25.9.24

POWERSHELL KEYLOGGERMALWAREKeyloggerAt CYFIRMA, we are dedicated to delivering timely insights into emerging threats and malicious tactics that pose risks to both organizations and individuals. This report offers an analysis of a newly identified keylogger that operates via a PowerShell script.

25.9.24

PoseidonMALWAREStealerPoseidon Stealer Uses Sora AI Lure to Infect macOS

25.9.24

LuxyMALWAREStealerLuxy: A Stealer and a Ransomware in one

25.9.24

GomorrahMALWAREStealerGomorrah Stealer v5.1: An In-Depth Analysis of a .NET-Based Malware

25.9.24

Emansrepo MALWAREStealerIn August 2024, FortiGuard Labs observed a python infostealer we call Emansrepo that is distributed via emails that include fake purchase orders and invoices.

25.9.24

BLX (aka XLABB) MALWAREStealerBLX Stealer known also as XLABB Stealer is a malware variant initially discovered back last year. New activity attributed to this infostealer has been observed in the wild.

25.9.24

RomCom RATMALWARERATSecurity Brief: Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware

25.9.24

Splinter MALWARETool ExploitDiscovering Splinter: A First Look at a New Post-Exploitation Red Team Tool

25.9.24

SpAIwareMALWARESpyware AISpyware Injection Into Your ChatGPT's Long-Term Memory (SpAIware)

24.9.24

Octo2MALWAREAndroidOcto2: European Banks Already Under Attack by New Malware Variant

24.9.24

Necro MALWARETROJANHow the Necro Trojan infiltrated Google Play, again

23.9.24

PondRATMALWARERATGleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

19.9.24

SambaSpyMALWARERATExotic SambaSpy is now dancing with Italian users

18.9.24

MISTPENMALWAREBackdoorAn Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader

17.9.24

RustDoorMALWARECRYPTOCURRENCYNorth Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

14.9.24

TrickMoMALWAREBankingA new TrickMo saga: from Banking Trojan to Victim's Data Leak

14.9.24

Hadooken MALWARELinuxHadooken Malware Targets Weblogic Applications

13.9.24

Ajina.Banker MALWAREBankingAjina attacks Central Asia: Story of an Uzbek Android Pandemic

13.9.24

Android.Vo1dMALWARETVVoid captures over a million Android TV boxes

13.9.24

Spearal MALWAREISS BackdoorTargeted Iranian Attacks Against Iraqi Government Infrastructure

13.9.24

Veaty MALWAREISS BackdoorTargeted Iranian Attacks Against Iraqi Government Infrastructure

9.9.24

WhisperGateMALWAREWrapperWhisperGate is a multi-stage wiper designed to look like ransomware that has been used against multiple government, non-profit, and information technology organizations in Ukraine since at least January 2022.

9.9.24

Android SpyAgentMALWAREAndroidNew Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition

9.9.24

LokiMALWAREBackdoorLoki: a new private agent for the popular Mythic framework

9.9.24

TIDRONE MALWAREMilitary MalwareTIDRONE Targets Military and Satellite Industries in Taiwan

8.9.24

COVERTCATCHMALWAREPythonNorth Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

5.9.24

KTLVdoorMALWAREBackdoorEarth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion

5.9.24

WikiLoaderMALWARELoaderSpoofed GlobalProtect Used to Deliver Unique WikiLoader Variant

5.9.24

RocinanteMALWARETrojanRocinante: The trojan horse that wanted to fly

30.8.24

MasqueradesMALWAREBackdoorThreat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool

30.8.24

noMu BackdoorMALWAREBackdoorAPT Attack Case Analysis Report Using noMu Backdoor

28.8.24

HZ RatMALWAREMacOSHZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat

26.8.24

NGateMALWAREAndroidNGate Android malware relays NFC traffic to steal cash

25.8.24

sedexpMALWARELinuxUnveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules

24.8.24

PEAKLIGHTMALWAREDownloaderPEAKLIGHT: Decoding the Stealthy Memory-Only Malware

23.8.24

Cthulhu MALWAREMacOSFrom the Depths: Analyzing the Cthulhu Stealer Malware for macOS

23.8.24

FM11RF08S MALWAREBackdoorMIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors

22.8.24

PG_MEMMALWARECRYPTOCURRENCYPG_MEM: A Malware Hidden in the Postgres Processes

21.8.24

MoonPeak MALWARERATMoonPeak malware from North Korean actors unveils new details on attacker infrastructure

21.8.24

StyxMALWAREStealerUnmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove

21.8.24

TodoSwiftMALWAREMacOSTodoSwift Disguises Malware Download Behind Bitcoin PDF

21.8.24

CharmingCypressMALWAREFamiliesCharmingCypress: Innovating Persistence

21.8.24

UULoaderMALWARELoaderMeet UULoader: An Emerging and Evasive Malicious Installer.

21.8.24

NUMOZYLOD MALWAREMaasFinding Malware: Unveiling NUMOZYLOD with Google Security Operations

16.8.24

SharpRhino MALWARERATSharpRhino – New Hunters International RAT Identified by Quorum Cyber

16.8.24

ValleyRATMALWARERATA Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers

16.8.24

Cuckoo MALWAREMacOSUpdate: Cuckoo Malware Evolves

16.8.24

BANSHEEMALWAREMacOSBeyond the wail: deconstructing the BANSHEE infostealer

7.8.24

GoGraMALWAREBackdoorCloud Cover: How Malicious Actors Are Leveraging Cloud Services

7.8.24

Chameleon MALWAREMobil TrojanChameleon is back in Canada and Europe
6.8.24LianSpyMALWAREAndroidLianSpy: new Android spyware targeting Russian users

5.8.24

STRRATMALWARERATBloody Wolf strikes organizations in Kazakhstan with STRRAT commercial malware

5.8.24

BlankBot MALWAREAndroid BankingBlankBot - a new Android banking trojan with screen recording, keylogging and remote control capabilities

5.8.24

StormBambooMALWAREBackdoorStormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms

3.8.24

BITSLOTHMALWAREBackdoorBITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor

2.8.24

BingoModMALWARERATBingoMod: The new android RAT that steals money and wipes data

2.8.24

Linux.BackDoor.TgRat.2

MALWARE

RAT

A trojan for Linux with a wide range of functions and the ability to be remotely controlled via a Telegram bot. The source code is written in Go and encrypted with RSA.

2.8.24

TgRAT

MALWARE

RAT

At the first stage, the dropper checks the parameters (arguments) used for its launch: this impacts the intermediate persistence stage. If there are input arguments, the add_payload stage begins (named after the function that performs it).

2.8.24

SMS Stealer

MALWARE

SMS

Unmasking the SMS Stealer: Targeting Several Countries with Deceptive Apps

2.8.24

Mandrake

MALWARE

Spyware

Mandrake spyware sneaks onto Google Play again, flying under the radar for two years

2.8.24

ModiLoader

MALWARE

Loader

Phishing targeting Polish SMBs continues via ModiLoader

27.7.24

ExelaStealerMALWAREStealerSome simple PowerShell scripts might deliver nasty content if executed by the target. I found a very simple one (with a low VT score of 8/65):

27.7.24

Handala’s WiperMALWAREWipperCrowdStrike’s Falcon agent caused downtime for millions of computers across the globe beginning July 19. This event caused panic and chaos, which threat actors quickly latch on to gain an edge over defenders.

25.7.24

ACR StealerMALWAREStealerACR Stealer is an information stealer advertised by a threat actor operating under the pseudonym SheldIO, on Russian-speaking cybercrime forums. It is sold as a Malware-as-a-Service (MaaS) since March 2024.

24.7.24

macOS.Macma

MALWARE

macOS

Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma

24.7.24

FrostyGoopMALWAREICSImpact of FrostyGoop ICS Malware on Connected OT Systems

23.7.24

SocGholishMALWAREDownloaderFake Browser Updates Lead to BOINC Volunteer Computing Software

20.7.24

AuKillMALWARETool‘AuKill’ EDR killer malware abuses Process Explorer driver

20.7.24

BUGSLEEPMALWAREBackdoorBugSleep is a backdoor designed to execute the threat actors’ commands and transfer files between the compromised machine and the C&C server.

19.7.24

Demodex MALWARERootkitA Comprehensive Look at the Updated Infection Chain of Ghost Emperor’s Demodex Rootkit.

19.7.24

OilAlphaMALWAREMobil AppOilAlpha Malicious Applications Target Humanitarian Aid Groups Operating in Yemen

18.7.24

HotPageMALWAREAdwareHotPage: Story of a signed, vulnerable, ad-injecting driver

18.7.24

BeaverTailMALWAREStealerNorth Korean Hackers Update BeaverTail Malware to Target MacOS Users

16.7.24

BUGSLEEPMALWAREBackdoorNEW BUGSLEEP BACKDOOR DEPLOYED IN RECENT MUDDYWATER CAMPAIGNS

15.7.24

SYS01 StealerMALWAREStealerHow SYS01 Stealer Will Get Your Sensitive Facebook Info

13.7.24

DarkGateMALWARERATDarkGate: Dancing the Samba With Alluring Excel Files

11.7.24

DodgeBoxMALWARELoaderDodgeBox: A deep dive into the updated arsenal of APT41 | Part 1

11.7.24

Poco RATMALWARERATNew Malware Campaign Targeting Spanish Language Victims

10.7.24

ViperSoftXMALWAREPythonThe Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution

9.7.24

GuardZooMALWAREAndroidLookout Discovers Houthi Surveillanceware Targeting Middle Eastern Militaries

8.7.24

StrelaStealerMALWAREStealerStrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe

8.7.24

SatanstealerMALWAREStealerSatanstealer is a new open source infostealing malware shared on GitHub. The malware collects and exfiltrates various types of information such as browser cookies, passwords, registered phone numbers, and email client details.

8.7.24

PoseidonMALWAREStealer‘Poseidon’ Mac stealer distributed via Google ads

8.7.24

0bj3ctivityMALWAREStealer0bj3ctivity is an infostealer variant first observed last year in campaigns targeting Italy. A new campaign delivering this malware yet again to Italian users has been reported by CERT-AGID.

8.7.24

Neptune StealerMALWAREStealerA new malware strain dubbed Neptune Stealer has been uncovered by researchers. This malware quietly infiltrates systems to extract passwords and financial data, operating discreetly and customizing itself to evade detection.

8.7.24

Kematian StealerMALWAREStealerKematian-Stealer : A Deep Dive into a New Information Stealer

8.7.24

MekotioMALWAREBankingMekotio Banking Trojan Threatens Financial Systems in Latin America

5.7.24

GootLoaderMALWARELoaderGootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

4.7.24

MerkSpyMALWARESpywareMerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems

3.7.24

SmokeLoader, part 2MALWARELoaderA Brief History of SmokeLoader, Part 2

3.7.24

SmokeLoader, part 1MALWARELoaderA Brief History of SmokeLoader, Part 1

3.7.24

FakeBat loaderMALWARELoaderExposing FakeBat loader: distribution methods and adversary infrastructure

3.7.24

HappyDoorMALWAREBackdoorKimsuky Group's New Backdoor Appears (HappyDoor)

3.7.24

XctdoorMALWAREBackdoorXctdoor Malware Used in Attacks Against Korean Companies (Andariel)

1.7.24

CapraTube MALWAREAndroidCapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts

1.7.24

SnowblindMALWAREAndroidBeware of Snowblind: A new Android malware
20.6.24SquidLoader MALWARELoaderLevelBlue Labs Discovers Highly Evasive, New Loader Targeting Chinese Organizations
18.6.24Hijack LoaderMALWARELoaderInfo Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion
17.6.24COATHANGERMALWARERATMinistry of Defence of the Netherlands uncovers COATHANGER,a stealthy Chinese FortiGate RAT
17.6.24BadSpace MALWAREBackdoorBackdoor BadSpace delivered by high-ranking infected websites
17.6.24NiceRAT MALWARERATBotnet Installing NiceRAT Malware
15.6.24DISGOMOJIMALWARELinuxDISGOMOJI Malware Used to Target Indian Government
15.6.24GrandoreiroMALWAREBankingSmishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale
14.6.24Script RATMALWARERATIn Bad Company: JScript RAT and CobaltStrike
14.6.24SSLoad MalwareMALWARELoaderDissecting SSLoad Malware: A Comprehensive Technical Analysis
13.6.24Noodle RATMALWARERATNoodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups
13.6.24WARMCOOKIE MALWAREBackdoorDipping into Danger: The WARMCOOKIE backdoor
12.6.24ValleyRATMALWARERATTechnical Analysis of the Latest Variant of ValleyRAT
11.6.24More_eggsMALWAREBackdoorMore_eggs Activity Persists Via Fake Job Applicant Lures

7.6.24

SPECTR

MALWARE

Stealer

SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign

7.6.24

Muhstik

MALWARE

Trojan

Muhstik Malware Targets Message Queuing Services Applications

6.6.24

BoxedApp

MALWARE

App

BoxedApp products are general packers built on top of its SDK, which provides the ability to create Virtual Storage (Virtual File System, Virtual Registry), Virtual Processes, and a universal instrumentation system (WIN/NT API hooking).

6.6.24

'Lumma' crypto stealer

MALWARE

Stealer

Russia-linked 'Lumma' crypto stealer now targets Python devs

5.6.24

DarkGate

Malware

RAT

During 2023, DarkGate made a comeback with a version full of new features, becoming one of the most preferred Remote Access Trojans (RATs) by malicious actors.

3.6.24

Lumma Stealer

Malware

Stealer

Fake Browser Updates delivering BitRAT and Lumma Stealer

3.6.24

BitRAT

Malware

RAT

Fake Browser Updates delivering BitRAT and Lumma Stealer

30.5.24

AhMyth MalwareAndroidAhMyth is malware that spreads through a few different infection vectors and uses various means to collect and exfiltrate sensitive information from infected devices.

30.5.24

RedTailMalwareCryptocurrencyRedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit

30.5.24

PyPI crypto-stealerMalwarePythonPyPI crypto-stealer targets Windows users, revives malware campaign

29.5.24

AllaSenhaMalwareRATALLASENHA: ALLAKORE VARIANT LEVERAGES AZURE CLOUD C2 TO STEAL BANKING DETAILS IN LATIN AMERICA

25.5.24

ShadowPad

Malware

RAT

BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad.

25.5.24

BloodAlchemy

Malware

RAT

Malware Transmutation! - Unveiling the Hidden Traces of BloodAlchemy

22.5.24

SolarMarker MalwareInfoStealerAnalysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware

21.5.24

No-JusticeMalwareWipperNo-Justice Wiper - Wiper attack on Albania by Iranian APT)

21.5.24

Cl Wiper MalwareWipperIranian State Actors Conduct Cyber Operations Against the Government of Albania

20.5.24

LATRODECTUSMalwareLoaderThe LATRODECTUS loader evolves to deliver ICEDID and other malware

20.5.24

Grandoreiro MalwareBankingGrandoreiro banking trojan unleashed: X-Force observing emerging global campaigns

18.5.24

SugarGh0st RATMalwareRATArtificial Sweetener: SugarGh0st RAT Used to Target American Artificial Intelligence Experts

18.5.24

SpringtailMalwareBackdoorMore than one legitimate software package was modified to deliver malware in North Korean group’s recent campaign against South Korean organizations.

16.5.24

LunarMailMalwareAPT ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs

16.5.24

LunarWeb MalwareAPT ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs

11.5.24

zEus MalwareStealerzEus Stealer Distributed via Crafted Minecraft Source Pack

10.5.24

CoperMalwareAndroidCoper is a descendant of ExoBotCompat, which was a rewritten version of Exobot.

8.5.24

HijackLoader

Malware

Loader

HijackLoader (a.k.a. IDAT Loader) is a malware loader initially spotted in 2023 that is capable of using a variety of modules for code injection and execution.

7.5.24

MetaStealer

Malware

Stealer

Post-infection traffic triggers signatures for Win32/MetaStealer Related Activity from the EmergingThreats Pro (ETPRO) ruleset.

7.5.24

BASICSTAR

Malware

VBS

CharmingCypress: Innovating Persistence

7.5.24

WIREFIRE

Malware

Python

Technical Deep Dive: Understanding the Anatomy of a Cyber Intrusion

6.5.24

Cuckoo

Malware

Apple

Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware

3.5.24

Cuttlefish

Malware

Trojan

The Black Lotus Labs team at Lumen Technologies is tracking a malware platform we’ve named Cuttlefish, that targets networking equipment, specifically enterprise-grade small office/home office (SOHO) routers.

3.5.24

Wpeeper

Malware

Backdoor

Playing Possum: What's the Wpeeper Backdoor Up To?

3.5.24

Graph

Malware

Trojan

Graph: Growing number of threats leveraging Microsoft API

1.5.24

Zloader

Malware

Trojan

Zloader Learns Old Tricks

27.4.24BrokewellMalwareAndroidBrokewell: do not go broke from new banking malware!
27.4.24Kaolin RATMalwareRATFrom BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams
25.4.24Pupy RATMalwareRATAnalysis of Pupy RAT Used in Attacks Against Linux Systems
25.4.24GuptiMinerMalwareCryptocurrencyGuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
24.4.24CoralRaiderMalwareStealerSuspected CoralRaider continues to expand victimology using three information stealers
22.4.24Redline StealerMalwareStealerA new packed variant of the Redline Stealer trojan was observed in the wild, leveraging Lua bytecode to perform malicious behavior.
19.4.24DeuterbearMalwareLoaderCyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear
19.4.24OfflRouterMalwareVBA MacroOfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal
19.4.24CR4T MalwareBackdoorCR4t Malware: A Shape-Shifting Threat — Threat Intelligence Report
18.4.24SoumniBotMalwareAndroid BankingSoumniBot: the new Android banker’s unique techniques
18.4.24MadMxShellMalwareBackdoorMalvertising campaign targeting IT teams with MadMxShell
18.4.24KapekaMalwareBackdoorKapeka: A novel backdoor spotted in Eastern Europe
15.4.24LightSpyMalwareiosLightSpy Returns: Renewed Espionage Campaign Targets Southern Asia, Possibly India

11.4.24

BatCloak

Malware

FUD Engine

Analyzing the FUD Malware Obfuscation Engine BatCloak

11.4.24

XploitSPY RAT

Malware

RAT

eXotic Visit campaign: Tracing the footprints of Virtual Invaders

10.4.24SmokeMalwareBackdoorSmoke and (screen) mirrors: A strange signed backdoor
9.4.24ScrubCrypt MalwareCryptoScrubCrypt Deploys VenomRAT with an Arsenal of Plugins
8.4.24Latrodectus MalwareDownloaderLatrodectus: This Spider Bytes Like Ice
8.4.24SecTopRATMalwareRATBing ad for NordVPN leads to SecTopRAT
5.4.24RhadamanthysMalwareStealerRhadamanthys Malware Disguised as Groupware Installer (Detected by MDS)
5.4.24JSOutProxMalwareToolResecurity has detected a new version of JSOutProx, targeting financial services and organizations in the APAC and MENA regions. JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET.
5.4.24ByakuganMalwareinfostealerByakugan – The Malware Behind a Phishing Attack
5.4.24VietCredCare MalwareStealerExtra credit: VietCredCare information stealer takes aim at Vietnamese businesses
5.4.24AGENT TESLAMalwareRATAGENT TESLA TARGETING UNITED STATES & AUSTRALIA: REVEALING THE ATTACKERS’ IDENTITIES
5.4.24StrelaStealerMalwareStealerSonicWall Capture Labs threat research team has observed an updated variant of StrelaStealer.
5.4.24Sync-SchedulerMalwareStealerThis study provides a detailed overview of Sync-Scheduler, a potent malware written in C++ boasting defense evasion and anti-analysis capabilities.
5.4.24RhadamanthysMalwareStealerRecently Updated Rhadamanthys Stealer Delivered in Federal Bureau of Transportation Campaign
3.4.24MispaduMalwareBankingBreaking Boundaries: Mispadu's Infiltration Beyond LATAM
2.4.24XZ BackdoorMalwareBackdoorEverything I Know About the XZ Backdoor
2.4.24UNAPIMON MalwareBackdoorEarth Freybug Uses UNAPIMON for Unhooking Critical APIs
2.4.24VenomRATMalwareRATVenomRAT: A remote access tool with dangerous consequences

1.4.24

PROXYLIB

Malware

APP

Satori Threat Intelligence Alert: PROXYLIB and LumiApps Transform Mobile Devices into Proxy Nodes

1.4.24

Vultur

Malware

Android

Android Malware Vultur Expands Its Wingspan

31.3.24VulturMalwareAndroidThe authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim’s mobile device.
31.3.24Atomic StealerMalwareMacOSInfostealers continue to pose threat to macOS users
30.3.24TheMoonMalwareWormLinksys Worm ("TheMoon") Captured
30.3.24DinodasRATMalwareRATDinodasRAT Linux implant targeting entities worldwide
28.3.24Agent TeslaMalwareLoaderAgent Tesla's New Ride: The Rise of a Novel Loader
27.3.24EvilOSXMalwareosx
27.3.24Trochilus RATMalwareRATTrochilus is a C++ written RAT, which is available on GitHub.
23.3.24QUARTERRIGMalwareDropperHere, MUSKYBEAT refers to the in-memory dropper component, while STATICNOISE is the final payload / downloader.
23.3.24BEATDROPMalwareDropperAccording to Mandiant, BEATDROP is a downloader written in C that uses Atlassian's project management service Trello for C&C.
23.3.24ROOTSAWMalwareSpyBackchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations
23.3.24WINELOADER MalwareLoaderAPT29 Uses WINELOADER to Target German Political Parties
22.3.24Sign1 MalwareMalwareJavaScriptSign1 Malware: Analysis, Campaign History & Indicators of Compromise
22.3.24Revenge RATMalwareRATRevenge RAT via malicious PPAM in Latin America, Portugal and Spain
22.3.24AceCryptor MalwareRATInsight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries
22.3.24StealcMalwareLoaderStealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023.
22.3.24StrelaStealer MalwareStealerStrelaStealer malware steals email login data from well-known email clients and sends them back to the attacker’s C2 server.
22.3.24AcidRainMalwareWipperA MIPS ELF binary with wiper functionality used against Viasat KA-SAT modems.
22.3.24AcidPourMalwareWipperAcidPour | New Embedded Wiper Variant of AcidRain Appears in Ukraine
22.3.24AndroxGh0stMalwareAndroidAndroxGh0st is a Python-based malware designed to target Laravel applications. It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio.

20.3.24

PureCrypter

Malware

Crypter

According to zscaler, PureCrypter is a fully-featured loader being sold since at least March 2021 The malware has been observed distributing a variety of remote access trojans and information stealers

20.3.24

Smoke Loader

Malware

Loader

Unit 42 Collaborative Research With Ukraine’s Cyber Agency To Uncover the Smoke Loader Backdoor

20.3.24

WhiteSnake Stealer

Malware

Stealer

WhiteSnake Stealer: Unveiling the Latest Version – Less Obfuscated, More Dangerous

20.3.24

Taurus Stealer

Malware

Stealer

The GlorySprout or a Failed Clone of Taurus Stealer

20.3.24

KONO DIO DA

Malware

CoinMiner

CoinMiner (KONO DIO DA) Distributed to Linux SSH Servers

20.3.24

AcidRain

Malware

Wiper

A MIPS ELF binary with wiper functionality used against Viasat KA-SAT modems.

20.3.24

NetSupportManager RAT

Malware

RAT

Enigma Software notes that NetSupport Manager is a genuine application, which was first released about twenty years ago.

20.3.24

ROKRAT

Malware

RAT

APT37's ROKRAT HWP Object Linking and Embedding

18.3.24

SVG

Malware

Malware

Scalable Vector Graphics (SVG) files are a popular format for web graphics because they can be resized without losing quality. However, cybercriminals are now exploiting SVGs to deliver malware, posing a new threat to unsuspecting users.

18.3.24

AZORult

Malware

Stealer

From Delivery To Execution: An Evasive Azorult Campaign Smuggled Through Google Sites

18.3.24

STEELHOOK

Malware

Stealer

PowerShell script

18.3.24

IRONJAW

Malware

Stealer

the malware was used previously in campaigns from July through August, and September 2023

18.3.24

CREDOMAP

Malware

JavaScript

The government computer emergency response team of Ukraine CERT-UA detected a malicious document "Nuclear Terrorism A Very Real Threat.rtf", opening of which will lead to the download of an HTML file and the execution of JavaScript code (CVE-2022-30190), which will ensure the download and launching the CredoMap malware.

18.3.24

OCEANMAP

Malware

Backdoor

X-Force’s analysis revealed that OCEANMAP has a strong overlap in both technique and .NET implementation. Several of the functions used in OCEANMAP were repurposed from the original CREDOMAP stealer and used as a base to build the new persistent backdoor.

18.3.24

MASEPIE

Malware

Python

Compromised Routers Are Still Leveraged as Malicious Infrastructure to Target Government Organizations in Europe and the Caucasus

17.3.24

404 Keylogger

Malware

Keylogger

Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim’s sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard.

17.3.24

RisePro stealer

Malware

Stealer

RisePro stealer targets Github users in “gitgub” campaign

17.3.24

BunnyLoader 3.0

Malware

Loader

Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled

14.3.24Pelmeni WrapperMalwareWrapperPelmeni Wrapper: New Wrapper of Kazuar (Turla Backdoor)
14.3.24RedCurl MalwareCyberSpyUnveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence
14.3.24zgRATMalwareRATzgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.
14.3.24CyberGateMalwareRATAccording to Subex Secure, CyberGate is a Remote Access Trojan (RAT) that allows an attacker to gain unauthorized access to the victim’s system.
14.3.24Planet StealerMalwareStealerPlanet Stealer is a recently identified infostealing malware variant. This Go-based malware has been advertised for sale on underground forums.
14.3.24DBatLoaderMalwareLoaderLatest DBatLoader Uses Driver Module to Disable AV/EDR Software
14.3.24Tweaks StealerMalwareStealerTweaks Stealer Targets Roblox Users Through YouTube and Discord
14.3.24Phemedrone StealerMalwareStealerUnveiling Phemedrone Stealer: Threat Analysis and Detections
14.3.24MispaduMalwareBankingAccording to ESET Research, Mispadu is an ambitious Latin American banking trojan that utilizes McDonald’s malvertising and extends its attack surface to web browsers.
14.3.24DarkGateMalwareLoaderFirst documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation.
13.3.24PixPirateMalwareAndroidPixPirate: The Brazilian financial malware you can’t see
13.3.24STRRATMalwareRATSTRRAT is a Java-based RAT, which makes extensive use of plugins to provide full remote access to an attacker, as well as credential stealing, key logging and additional plugins.
13.3.24VCURMSMalwareJavaRecently, FortiGuard Labs uncovered a phishing campaign that entices users to download a malicious Java downloader with the intention of spreading new VCURMS and STRRAT remote access trojans (RAT).
12.3.24BIPClipMalwarePyPI RL has discovered a campaign using PyPI packages posing as open-source libraries to steal BIP39 mnemonic phrases, which are used for wallet recovery.
12.3.24CHAVECLOAKMalwareBankingFortiGuard Labs recently uncovered a threat actor employing a malicious PDF file to propagate the banking Trojan CHAVECLOAK.
11.3.24BianDoorMalwareBackdoor 
7.3.24MgBotMalwareBotMy Tea’s not cold. An overview of China’s cyber threat
7.3.24SnakeMalwareInfoStealerIn this Threat Analysis Report, Cybereason Security Services dives into the Python Infostealer, delivered via GitHub and GitLab, that ultimately exfiltrates credentials via Telegram Bot API or other well known platforms.
7.3.24WogRATMalwareRATAhnLab Security intelligence Center (ASEC) has recently discovered the distribution of backdoor malware via aNotepad, a free online notepad platform. Said malware supports both the PE format that targets the Windows system and the ELF format that targets the Linux system.
7.3.24SpyNoteMalwareRATThe malware has been released on github at https://github.com/EVLF/Cypher-Rat-Source-Code
6.3.24OceanLotusMalwareOSXAccording to PcRisk, Research shows that the OceanLotus 'backdoor' targets MacOS computers.
6.3.24TODDLERSHARKMalwareVBSTODDLERSHARK: ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant

2.3.24

GUloader

Malware

Loader

GUloader Unmasked: Decrypting the Threat of Malicious SVG Files

2.3.24

BIFROSE

Malware

RAT

The Art of Domain Deception: Bifrost's New Tactic to Deceive Users

2.3.24

GTPDOOR

Malware

Backdoor

GTPDOOR - A novel backdoor tailored for covert access over the roaming exchange

2.3.24

WINELOADER

Malware

Loader

European diplomats targeted by SPIKEDWINE with WINELOADER

1.3.24

MINIBIKE

Malware

Backdoor

A custom backdoor written in C++ capable of file exfiltration and upload, command execution, and more. Communicates using Azure cloud infrastructure.

1.3.24

MINIBUS

Malware

Backdoor

A custom backdoor that provides a more flexible code-execution interface and enhanced reconnaissance features compared to MINIBIKE

1.3.24

LIGHTRAIL

Malware

Backdoor

A tunneler, likely based on an open-source Socks4a proxy, that communicates using Azure cloud infrastructure

28.2.24

Pony

Malware

Stealer

Pony (also known as Fareit or Siplog) is a malware categorized as a loader and stealer, although it is also used as a botnet, being a tool that has been used for more than 10 years and is still in use.

28.2.24

RustDoor

Malware

Backdoor

New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group

28.2.24

TimbreStealer

Malware

Stealer

When Stealers Converge: New Variant of Atomic Stealer in the Wild

28.2.24

Mispadu

Malware

Banking

According to ESET Research, Mispadu is an ambitious Latin American banking trojan that utilizes McDonald’s malvertising and extends its attack surface to web browsers.

28.2.24

Cyclops Blink

Malware

Linux

Modular malware framework targeting SOHO network devices

28.2.24

MASEPIE

Malware

Loader

Compromised Routers Are Still Leveraged as Malicious Infrastructure to Target Government Organizations in Europe and the Caucasus

28.2.24

Nood RAT

Malware

RAT

Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT’s Variant)

27.2.24

IDAT Loader

Malware

Loader

Unveiling UAC-0184: The Steganography Saga of the IDAT Loader Delivering Remcos RAT to a Ukraine Entity in Finland

27.2.24

DarkVNC

Malware

Stealer

DarkVNC is a hidden utility based on the Virtual Network Computing (VNC) technology, initially promoted on an Exploit forum in 2016.

27.2.24

Remcos RAT

Malware

RAT

We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.

27.2.24

DCRat

Malware

RAT

We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.

27.2.24

Ousaban

Malware

Banking

Ousaban: LATAM Banking Malware Abusing Cloud Services

27.2.24

Mekotio

Malware

Banking

Tweet on recent Mekotio Banker campaign

27.2.24

Astaroth

Malware

Banking

First spotted in the wild in 2017, Astaroth is a highly prevalent, information-stealing Latin American banking trojan. It is written in Delphi and has some innovative execution and attack techniques.

22.2.24

SSH-Snake

Malware

Worm

SSH-Snake: New Self-Modifying Worm Threatens Networks

22.2.24

KONNI

Malware

RAT

To Russia With Love: Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer

21.2.24

PlugX

Malware

Stealer

Mustang Panda’s PlugX new variant targetting Taiwanese government and diplomats

21.2.24

VietCredCare

Malware

Stealer

Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses

21.2.24

Migo

Malware

Miner

Migo - a Redis Miner with Novel System Weakening Techniques

21.2.24

SysJoker

Malware

Backdoor

Sysjoker is a backdoor malware that was first discovered in December 2021 by Intezer.

21.2.24

BiBi-Linux

Malware

Wipper

According to Security Joes, this malware is an x64 ELF executable, lacking obfuscation or protective measures. It allows attackers to specify target folders and can potentially destroy an entire operating system if run with root permissions.

19.2.24

Anatsa 

Malware

Android

Anatsa Trojan Returns: Targeting Europe and Expanding Its Reach

19.2.24

BASICSTAR

Malware

Backdoor

Through its managed security services offerings, Volexity routinely identifies spear-phishing campaigns targeting its customers.

18.2.24

Raccoon Stealer v2

Malware

Stealer

Raccoon Stealer v2 – Part 1: The return of the dead

18.2.24

Recordbreaker

Malware

Stealer

An info stealer is malicious software (malware) that seeks to steal private data from a compromised device, including passwords, cookies, autofill information from browsers, and cryptocurrency wallet information.

17.2.24

DeliveryCheck

Malware

Backdoor

According to CERT-UA, this malware makes use of XSLT (Extensible Stylesheet Language Transformations) and COM-hijacking.

17.2.24

TinyTurla-NG

Malware

Backdoor

TinyTurla Next Generation - Turla APT spies on Polish NGOs

17.2.24

GoldDigger

Malware

iOS

Group-IB uncovers the first iOS Trojan harvesting facial recognition data used for unauthorized access to bank accounts. The GoldDigger family grows

17.2.24

Bumblebee

Malware

Loader

This malware is delivered by an ISO file, with an DLL inside with a custom loader. Because of the unique user-agent "bumblebee" this malware was dubbed BUMBLEBEE.

17.2.24

DarkMe

Malware

Loader

CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day

17.2.24

Glupteba

Malware

Bootkit

Diving Into Glupteba's UEFI Bootkit

17.2.24

PikaBot

Malware

Loader

Pikabot is a malware loader that originally emerged in early 2023. Over the past year, ThreatLabz has been tracking the development of Pikabot and its modus operandi.

17.2.24

DSLog

Malware

Backdoor

Ivanti Connect Secure: Journey to the core of the DSLog backdoor

17.2.24

RustDoor

Malware

macOS

New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group

12.2.24

Warzone RAT

Malware

RAT

The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT.

10.2.24

RustDoor

Malware

Backdoor

New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group

10.2.24

RASPBERRY ROBIN

Malware

Worm

RASPBERRY ROBIN KEEPS RIDING THE WAVE OF ENDLESS 1-DAYS

9.2.24

MoqHao 

Malware

Android

MoqHao evolution: New variants start automatically right after installation

9.2.24

Coyote

Malware

Banking

Coyote: A multi-stage banking Trojan abusing the Squirrel installer

9.2.24

Zardoor

Malware

Backdoor

New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization

8.2.24

HijackLoader

Malware

Loader

HijackLoader Expands Techniques to Improve Defense Evasion

8.2.24

Troll Stealer

Malware

Stealer

Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer

7.2.24

BOLDMOVE

Malware

Backdoor

According to Mandiant, this malware family is attributed to potential chinese background and its Linux variant is related to exploitation of Fortinet's SSL-VPN (CVE-2022-42475).

7.2.24

BOLDMOVE

Malware

ELF

According to Mandiant, this malware family is attributed to potential chinese background and directly related to observed exploitation of Fortinet's SSL-VPN (CVE-2022-42475). There is also a Windows variant.

7.2.24

COATHANGER

Malware

RAT

Successful exploitation of the flaw paved the way for the deployment of a backdoor dubbed COATHANGER from an actor-controlled server that's designed to grant persistent remote access to the compromised appliances.

6.2.24

CrackedCantil

Malware

Stealer

CrackedCantil: A Malware Symphony Breakdown

6.2.24

Ov3r_Stealer

Malware

Stealer

Facebook Advertising Spreads Novel Malware Variant

6.2.24

Epeius

Malware

Spyware

A Spyware Vendor Seemingly Made a Fake WhatsApp to Hack Targets

6.2.24

Skygofree

Malware

Android

Skygofree: Following in the footsteps of HackingTeam

5.2.24

VajraSpy

Malware

RAT

ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group

5.2.24

Pegasus

Malware

Spyware

New spyware attacks exposed: civil society targeted in Jordan

5.2.24

DiceLoader

Malware

Loader

This report aims to detail the functioning of a malware used by FIN7 since 2021, named DiceLoader (also known Icebot), and to provide a comprehensive approach of the threat by detailing the related Techniques...

5.2.24

Phemedrone Stealer

Malware

Stealer

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

5.2.24

Mispadu Stealer

Malware

Stealer

Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019

3.2.24

HeadLace

Malware

Backdoor

ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware

3.2.24

DirtyMoe

Malware

Backdoor

Securonix Threat Research Security Advisory: Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor

2.2.24

BPFdoor

Malware

Rootkit

We discuss proof-of-concept rootkits and malware used by cybercriminals in conjunction with Berkeley Packet Filtering (BPF), a piece of technology that allows programs to execute code in the operating systems of popular cloud-computing platforms. We also show how to detect such threats.

2.2.24

HeadCrab 2.0

Malware

Backdoor

HeadCrab 2.0: Evolving Threat in Redis Malware Landscape

1.2.24

QUIETBOARD

Malware

Python

Evolution of UNC4990: Uncovering USB Malware's Hidden Depths

1.2.24

EMPTYSPACE

Malware

Backdoor

Mandiant has observed UNC4990 leverage EMPTYSPACE (also known as VETTA Loader and BrokerLoader), a downloader that can execute any payload served by the command and control (C2) server, and QUIETBOARD, which is a backdoor that was delivered using EMPTYSPACE.

1.2.24

KRUSTYLOADER

Malware

Loader

KRUSTYLOADER - RUST MALWARE LINKED TO IVANTI CONNECTSECURE COMPROMISES

31.1.24

Grandoreiro

Malware

Banking

Grandoreiro is one of the many Latin American banking trojans such as Javali, Melcoz, Casabeniero, Mekotio, and Vadokrist, primarily targeting countries like Spain, Mexico, Brazil, and Argentina.

31.1.24

Rage Stealer

Malware

Stealer

From Screen Captures to Crypto wallets: Analyzing the Multi-Faceted Threat of Rage Stealer

31.1.24

Monster Stealer

Malware

Stealer

RUSSIAN STEALER LOG AGGREGATOR RELEASES FULLY NATIVE INFOSTEALER

31.1.24

ZLoader

Malware

Trojan

Zloader: No Longer Silent in the Night

29.1.24

LODEINFO

Malware

Backdoor

LODEINFO is a fileless malware that has been observed in campaigns that start with spear-phishing emails since December 2019.

29.1.24

SystemBC

Malware

Trojan

Inside the SYSTEMBC Command-and-Control Server

29.1.24

AllaKore RAT

Malware

RAT

AllaKore is a simple Remote Access Tool written in Delphi, first observed in 2015 but still in early stages of development.

29.1.24

CherryLoader

Malware

GO base

CherryLoader: A New Go-based Loader Discovered in Recent Intrusions

29.1.24

RokRAT

Malware

RAT

It is a backdoor commonly distributed as an encoded binary file downloaded and decrypted by shellcode following the exploitation of weaponized documents.

29.1.24

Glupteba

Malware

Cryptomining

Glupteba is a trojan horse malware that is one of the top ten malware variants of 2021. After infecting a system, the Glupteba malware can be used to deliver additional malware, steal user authentication information, and enroll the infected system in a cryptomining botnet.

29.1.24

WhiteSnake Stealer

Malware

Python

Info Stealing Packages Hidden in PyPI

20.1.24

WasabiSeed

Malware

VBS

Screentime: Sometimes It Feels Like Somebody's Watching Me

19.1.24

ZuRu

Malware

OSX

Jamf Threat Labs discovers new malware embedded in pirated applications

18.1.24

AndroxGh0st

Malware

Android

CISA and FBI Release Known IOCs Associated with Androxgh0st Malware

17.1.24

Remcos RAT

Malware

RAT

Remcos RAT Being Distributed via Webhards

16.1.24

Phemedrone

Malware

Stealer

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

12.1.24

FBot 

Malware

Linux

Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services

11.1.24

AMOS

Malware

osx

Mac users targeted in new malvertising campaign delivering Atomic Stealer

11.1.24

NoaBot

Malware

Bot

You Had Me at Hi — Mirai-Based NoaBot Makes an Appearance

10.1.24

PikaBot

Malware

Loader

Introducing Pikabot, an emerging malware family that comprises a downloader/installer, a loader, and a core backdoor component.

9.1.24

Lumma Stealer

Malware

Stealer

Deceptive Cracked Software Spreads Lumma Variant on YouTube

9.1.24

Silver RAT

Malware

RAT

A GAMER TURNED MALWARE DEVELOPER : DIVING INTO SILVERRAT AND IT’S SYRIAN ROOTS

6.1.24

SpectralBlur

Malware

macOS

Today will be a quick post on a TA444 (aka Sapphire Sleet, BLUENOROFF, STARDUST CHOLLIMA) Macho family tracked as SpectralBlur we found in August, and how finding it led us to stumble upon an early iteration of KANDYKORN (aka SockRacket). Please read Elastic’s EXCELLENT piece on that family.

6.1.24

No-Justice

Malware

Wipper

Wiper attack on Albania by Iranian APT

5.1.24

Bandook RAT

Malware

RAT

Bandook - A Persistent Threat That Keeps Evolving

5.1.24

Remcos RAT

Malware

RAT

Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion

3.1.24

WhiteSnake Stealer

Malware

Stealer

WhiteSnake Stealer malware sample on MalwareBazaar

3.1.24

RisePro

Malware

Stealer

RisePro is a stealer that is spread through downloaders like win.privateloader. Once executed on a system, the malware can steal credit card information, passwords, and personal data.

1.1.24

Medusa Stealer

Malware

Stealer

On Christmas Eve, Resecurity's HUNTER (HUMINT) spotted the author of perspective password stealer Meduza has released a new version (2.2).

1.1.24

Jinx

Malware

Stealer

Jinx – Malware 2.0 We know it’s big, we measured it!