Browsing tag
A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor XLoader. The disclosure comes from cybersecurity firms Palo Alto Networks Unit 42 and Symantec, both of which highlighted multi-step attack sequences that led to the deployment of JinxLoader through phishing attacks. “The […]
The patch was issued for CVE-2021-40444 to prevent the execution of code that downloaded the Microsoft Cabinet (CAB) archive containing a malicious executable. Sophos Labs researchers have shared their findings over how attackers used a novel exploit to bypass a patch for a crucial vulnerability impacting the Microsoft Office file format. Researchers revealed that the […]
Formbook campaign with what looks like a few changes. Recently the criminals distributing this malware have been using .exe files inside various forms of an archive, including .iso, .ace, .rar. , zip. Frequently they use various Microsoft Office Equation Editor exploits to contact a remote site & download the payload. Very occasionally I have seen […]
It seems that sophisticated computer hackers have changed the way they perform cyber operations rather than investing zero-day and developing their formbook malware; Some groups of hackers have started to use malware already made, such as scripts. Perhaps, this could be a smart solution for state-sponsored hackers to avoid being easily attributed. Security researchers from […]
Security researchers from Arbornetworks and FireEye identified a Sophisticated Malware(FormBook malware) campaigns targetting Aerospace, Defense Contractor, and Manufacturing sectors around U.S. and South Korea The Malware is highly Sophisticated and injects itself in various process memory and can record keystrokes, Clipboard Contents and HTTP Sessions. Also, it responds to commands from C&C like System reboot, […]
It seems sophisticated hackers have changed the way they conduct targeted cyber operations—instead of investing in zero-days and developing their malware; some hacking groups have now started using ready-made malware just like script kiddies. Possibly, this could be a smart move for state-sponsored hackers to avoid being attributed easily. Security researchers from multiple security firms, […]