A new info-stealer malware follows in the footsteps of Mars Stealer and BlackGuard. The malware is available for $125 per month or $1,000 for a lifetime subscription. On darknet markets, META Stealer is advertised as an upgrade of RedLine Stealer, which was first revealed in 2020. META Information Stealer Detection To protect your company infrastructure […]
A new tricky remote access tool dubbed Borat RAT was found by cybersecurity researchers. Just like the name suggests, it is a crazy mix of things that is hard to wrap your head around. Borat Trojan is a collection of malware modules coming with a builder and server certificate which includes more than 10 malicious […]
On March 30, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) put out a warning of a mass spread of malware named “Mars Stealer” targeting individuals and organizations in Ukraine. According to the CERT-UA research, adversaries behind Mars Stealer attacks are traced back to the hacking group tracked as UAC-0041 (associated with AgentTesla and […]
A malware loader Colibri that appeared not so long time ago – in August 2021, has been recently discovered delivering Vidar payloads in a new ongoing Colibri Loader campaign. Researchers indicate that Colibri uses an unusual persistence technique that hasn’t been tracked until this time. Updated functionality motivates adversaries to keep selling their new malware […]
FIN7, a financially motivated Russia-linked hacking group that has been active for almost a decade now, enhances its arsenal. FIN7 operations in general fall into two categories: Business Email Compromise (BEC) scams and point-of-sale (PoS) system intrusions. The threat actor is known for focusing their interest on financial organizations, even achieving the status of one […]
Ongoing malware distribution campaigns spread AsyncRAT, including the 3LOSH crypter across public repositories. Recent cybersecurity research analyzes the latest version of 3LOSH that is being used by adversaries to evade detection on devices in corporate environments. Besides AsyncRAT, a number of other commodity malware strains can be distributed by the same operator. The purpose of […]
Update: According to the latest heads-up from Arpil 7, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) issued an alert with the details of the most recent phishing attack on Ukrainian state bodies hard on the heels of the attack kill chain a couple of days ago identified by the similar behavior patterns. On […]
In March 2022, several novel vulnerabilities in the Java Spring framework were disclosed. One of these flaws affects a component in Spring Core, enabling adversaries to drop a webshell, granting Remote Command Execution (RCE). As of April 5, 2022, the SpringShell vulnerability tracked as CVE-2022-22965 is now confirmed to be of critical severity. CVE-2022-22965 Detection […]
Fire Chili is a novel strain of malware that has been leveraged by a Chinese APT group Deep Panda exploiting Log4Shell vulnerability in VMware Horizon servers. The primary focus of adversaries is cyber espionage. Targeted organizations include financial institutions, academic, travel, and cosmetics industries. Log4Shell is associated with a high-severity CVE-2021-44228 vulnerability in the Log4j […]
Purple Fox malware has been wreaking all sorts of havoc on personal computers since 2018, infecting more than 30,000 machines globally. The latest studies found that Purple Fox hackers continue improving their infrastructure and adding new backdoors. To expand the botnet scale, Purple Fox is spreading trojanized installers that masquerade as legitimate software packages. The […]