Threat activity clusters affiliated with the Chinese and Russian cybercriminal ecosystems have been observed using a new piece of malware that’s designed to load Cobalt Strike onto infected machines. Dubbed SILKLOADER by Finnish cybersecurity company WithSecure, the malware leverages DLL side-loading techniques to deliver the commercial adversary simulation software. The development comes as improved detection […]
In a recent analysis, MQsTTang, a newly designed custom backdoor, has been scrutinized by ESET researchers. After a thorough investigation, the source of this malware has been attributed to the infamous Mustang Panda APT group by the experts. Tracing back to early January 2023, this ongoing campaign is attributed to the newly discovered backdoor. Customized […]
An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware. “The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion along with the Windows Process Explorer driver for terminating processes,” SentinelOne researchers Aleksandar Milenkoski and Tom Hegel said in a technical write-up. The […]
A shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years. “TrickGate managed to stay under the radar for years because it is transformative […]
Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers. “The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through Golang source code interpretation,” SentinelOne said in an analysis published […]
An advanced malware downloader named GuLoader has recently been exposed by cybersecurity researchers at CrowdStrike. This advanced downloader has the capability to evade the detection of security software by adopting a variety of techniques. While analyzing the shellcode of GuLoader, a brand-new anti-analysis technique was discovered by CrowdStrike through which researchers would be able to […]
There has recently been a discovery made by IBM Security X-Force Threat Researchers regarding a new variant of ransomware known as RansomExx that is dubbed RansomExx2 which was written in Rust language. While threat actor behind this malware is known as Hive0091 (aka DefrayX). Apart from this, the RansomExx is also known by following these […]
As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser. Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navigating to […]
With global cybercrime costs expected to reach $10.5 trillion annually by 2025, it comes as little surprise that the risk of attack is companies’ biggest concern globally. To help businesses uncover and fix the vulnerabilities and misconfigurations affecting their systems, there is an (over)abundance of solutions available. But beware, they may not give you a […]
The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection. “Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0 to trick victims into downloading malicious attachments that install Qakbot,” Zscaler Threatlabz […]
During the routine malware sample analysis, researchers from Palo Alto’s UNIT 42 uncovered the new malware sample that contains a malicious payload associated with the Red Team exploitation Tool called ” Brute Ratel C4 (BRc4)” that is used in the Pentesting industry to simulate the adversarial attacks. Threat actors are now moving out from Cobalt Strike and […]
Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection. Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated with Brute Ratel C4, a relatively new sophisticated toolkit […]
Details have emerged about a now-patched security vulnerability in the Snort intrusion detection and prevention system that could trigger a denial-of-service (DoS) condition and render it powerless against malicious traffic. Tracked as CVE-2022-20685, the vulnerability is rated 7.5 for severity and resides in the Modbus preprocessor of the Snort detection engine. It affects all open-source […]
Cybersecurity specialists report the detection of a new phishing campaign dedicated to the delivery of the AsyncRAT Trojan hidden in an HTML attachment. This malware allows threat actors to monitor affected systems and even control them remotely through an encrypted and undetectable connection for victims. The infection starts with a simple email containing an HTML […]
In a recent ongoing Emotet malware campaign, it has been identified that the threat actors behind this malicious campaign are using the unconventional IP address formats for the first time to confuse and deceive the security solutions. Here the threat actors have used hexadecimal and octal representations of the IP address. They use this to […]
Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using “unconventional” IP address formats for the first time in a bid to sidestep detection by security solutions. This involves the use of hexadecimal and octal representations of the IP address that, when processed by the underlying operating systems, get automatically […]
The APT groups are massively exploiting the long before registered domains for C&C to prevent detection. Exceedingly the higher numbers of malicious, dormant domains pose a serious risk to all internet users. As security researchers from Unit 42 Palo Alto have warned recently that some 22.3% of strategically aged domain owners can still cause something […]
Cybersecurity researchers have disclosed details of an evasive malware campaign that makes use of valid code signing certificates to sneak past security defenses and stay under the radar with the goal of deploying Cobalt Strike and BitRAT payloads on compromised systems. The binary, a loader, has been dubbed “Blister” by researchers from Elastic Security, with […]
A new JavaScript-based remote access Trojan (RAT) propagated via a social engineering campaign has been observed employing sneaky “fileless” techniques as part of its detection-evasion methods to elude discovery and analysis. Dubbed DarkWatchman by researchers from Prevailion’s Adversarial Counterintelligence Team (PACT), the malware uses a resilient domain generation algorithm (DGA) to identify its command-and-control (C2) […]
The experts of Google Threat Analysis Group, specialized in the investigation of state hacking campaigns, electronic fraud and disinformation, report the detection of a new evasion technique used by threat actors in order to evade detection in financial fraud campaigns. According to experts, this hacking group managed to create malicious code signatures that Windows identifies […]
Despite the disagreement of companies such as Apple and Mozilla, Google security teams released the Chrome 94 update for Android devices and desktops, which includes an inactivity detection API. The Chrome update includes other features described on Google’s official platforms. This feature, known as IdleDetection has generated controversy because it is designed for multi-user applications, […]