Keksec, aka Nero and Freakout, the threat actor behind the advanced EnemyBot botnet, is expanding its reach by leveraging more exploits, compromising multiple organizations regardless of their industry vertical. The EnemyBot malware authors took all the best and left behind the obsolete of code used in other botnets such as Gafgyt, Qbot, or Mirai. The […]
Banking malware has been a true-and-tried cash cow for adversaries for a long time now. One of such efficient tools in malware distribution campaigns that target the banking sector is a remote-overlay banking trojan Grandoreiro. The trojan was first detected in 2016 (yet, some researchers claim the malware first surfaced in 2017), being used against […]
Letās start with a short rundown of developments regarding Windows zero-day vulnerability (CVE-2022-30190), aka Follina. Back in April 2022, a research team known under the moniker CrazymanArmy warned Microsoft of a new zero-day RCE vulnerability in one of their products. The tech corporation opted not to address the issue at that point. On May 27, […]
Earlier this month, security researchers discovered a malicious package in the Python Package Index (PyPI) registry. Once in the system, PyMafka fetches a relevant Cobalt Strike beacon based on the victimās OS. The name suggests that PyMafka is an attempt at typosquatting a PyKafka ā a cluster-aware Kafka protocol client for Python. Detect PyMafka In […]
Chaos graphical user interface (GUI) builder has been on the market for less than a year, allowing adversaries to craft new ransomware strains. A new ransomware variant dubbed Yashma is its 6th version, available from May 2022. Yashma is the most refined version of this GUI ransomware builder that is known for its flexibility and […]
Researchers warn the global InfoSec community of a new malware campaign aimed to spread the infamous Cobalt Strike Beacon malware via fake Proof of Concept (POC) exploits of the newly patched Windows vulnerabilities, including the critical RCE flaw tracked as CVE-2022-26809. The public availability of fake exploits in GitHub raises the stakes exposing millions of […]
State-run threat actor Lazarus rides again, this time exploiting the notorious Log4Shell vulnerability in VMware Horizons servers. In this campaign, adversaries leverage Horizon, targeting the Republic of Korea with a NukeSped backdoor. First documented exploits date back to January 2022, with Lazarus hackers being spotted exploiting Log4Shell in VMware Horizons products since mid-Spring 2022. Almost […]
As Discord is gaining extreme popularity among online user communities, with 150 million people using it as of 2021, hackers turn their sights to this chat, VoIP, and digital distribution platform. The possible attack surface is vast and promising, allowing threat actors to abuse Discord for malware distribution and other nefarious actions.Ā Recently, security researchers […]
Germany-located users are falling victim to a new malware campaign designed to spread a custom-built PowerShell remote access trojan (RAT). Adversaries set up a decoy site to trick people into taking the bait in a phony newsflash that claims to offer previously unpublished information regarding the situation in Ukraine. Victims are urged to download a […]
While cybersecurity professionals are working hard to augment SOC operations with more scalable and innovative solutions, threat actors are also putting an effort not to be left to bring up the rear in this everlasting security race. Security researchers detect the surge in the numbers of malware-as-a-service (MaaS) offers, with its operators coming with new […]