Security researchers report alarming activity associated with a tailor-made malware dubbed Denonia to target Amazon Web Services (AWS) Lambda environments. The malware is written in the Go language. Once in the system, it is used to download, install, and execute the XMRig cryptomining files for Monero cryptocurrency mining. Detect Denonia Malware AWS Lambda malware, aka […]
A new wave of phishing delivering Remcos RAT payload has been observed by security researchers. Remcos is a commercial remote administration trojan developed by Breaking Security firm, that is accessible for free from their website. According to the source that developed this tool, Remcos is capable of downloading entire folders in one click, using a […]
A new info-stealer malware follows in the footsteps of Mars Stealer and BlackGuard. The malware is available for $125 per month or $1,000 for a lifetime subscription. On darknet markets, META Stealer is advertised as an upgrade of RedLine Stealer, which was first revealed in 2020. META Information Stealer Detection To protect your company infrastructure […]
A new tricky remote access tool dubbed Borat RAT was found by cybersecurity researchers. Just like the name suggests, it is a crazy mix of things that is hard to wrap your head around. Borat Trojan is a collection of malware modules coming with a builder and server certificate which includes more than 10 malicious […]
On March 30, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) put out a warning of a mass spread of malware named “Mars Stealer” targeting individuals and organizations in Ukraine. According to the CERT-UA research, adversaries behind Mars Stealer attacks are traced back to the hacking group tracked as UAC-0041 (associated with AgentTesla and […]
A malware loader Colibri that appeared not so long time ago – in August 2021, has been recently discovered delivering Vidar payloads in a new ongoing Colibri Loader campaign. Researchers indicate that Colibri uses an unusual persistence technique that hasn’t been tracked until this time. Updated functionality motivates adversaries to keep selling their new malware […]
FIN7, a financially motivated Russia-linked hacking group that has been active for almost a decade now, enhances its arsenal. FIN7 operations in general fall into two categories: Business Email Compromise (BEC) scams and point-of-sale (PoS) system intrusions. The threat actor is known for focusing their interest on financial organizations, even achieving the status of one […]
Ongoing malware distribution campaigns spread AsyncRAT, including the 3LOSH crypter across public repositories. Recent cybersecurity research analyzes the latest version of 3LOSH that is being used by adversaries to evade detection on devices in corporate environments. Besides AsyncRAT, a number of other commodity malware strains can be distributed by the same operator. The purpose of […]
Update: According to the latest heads-up from Arpil 7, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) issued an alert with the details of the most recent phishing attack on Ukrainian state bodies hard on the heels of the attack kill chain a couple of days ago identified by the similar behavior patterns. On […]
In March 2022, several novel vulnerabilities in the Java Spring framework were disclosed. One of these flaws affects a component in Spring Core, enabling adversaries to drop a webshell, granting Remote Command Execution (RCE). As of April 5, 2022, the SpringShell vulnerability tracked as CVE-2022-22965 is now confirmed to be of critical severity. CVE-2022-22965 Detection […]