Titan Stealer malware, which is being marketed and sold by a threat actor (TA) through a Telegram channel for cybercrime purposes. The stealer is capable of stealing a variety of information from infected Windows machines, including...
News and Articles
New JSSLoader Trojan Delivered Through XLL Files
A new, obfuscated version of the JSSLoader remote access trojan has been delivered to infected machines through XLL files, Morphisec Labs has revealed. REFERENCE:...
New SysJoker Backdoor Targets Windows, Linux, and macOS
In December 2021, Intezer discovered a new multi-platform backdoor that targets Windows, Mac, and Linux. The Linux and Mac versions are fully undetected in VirusTotal. Intezer named this backdoor SysJoker. REFERENCE:...
Widespread Credential Phishing Campaign
Widespread credential phishing campaign abuses open redirector links. Microsoft has been tracking a widespread credential phishing campaign using open redirector links, a feature that allows attackers to link to a trusted domain and embed...
New Mirai Variant Targets WebSVN
New Mirai Variant Targets WebSVN Command Injection Vulnerability (CVE-2021-32305). A critical command injection vulnerability affecting WebSVN, an open-source web application for browsing source code, has been exploited in the wild to...
Emerging Ransomware Groups
Emerging Ransomware Groups: AvosLocker, Hive, HelloKitty, LockBit 2.0. A look at some of the emerging ransomware groups that are currently affecting organizations and are likely to become more prevalent in the future, according to security...
Diavol – A New Ransomware Used By Wizard Spider
A new family of ransomware called Diavol has been discovered and could be linked to a criminal group known as Wizard Spider, according to PSIRT research and a report published in the Security Research Journal. REFERENCE:...
Malware Masquerades as Privacy Tool
Proofpoint researchers found a new threat enticing users to download malware by masquerading as a “Privacy Tools” service offering a tool that “encrypts” user data using a zip-like utility. The fake website is professional-looking and...
ChaChi: a New GoLang RAT
BlackBerry has identified a new type of malicious software, written in the Go programming language, that is used by the operators of the PYSA ransomware campaign, which has been targeting education institutions across the United States and Canada....
Klingon RAT
With more malware written in Golang than ever before, the threat from Go-based Remote Access Trojans (RATs) has never been higher. Not only has the number of Go malware increased but also the sophistication of these threats. This is a...
Bash Ransomware DarkRadiation Targets Red Hat- and Debian-based Linux Distributions
A recently discovered Bash ransomware piqued our interest in multiple ways. Upon investigating, Trend Micro found that the attack chain is fully implemented as a bash script, but it also seems that the scripts are still under development....
Gootloader: Initial Access as a Service Platform Expands Its Search for High Value Targets
The ongoing Gootloader campaign expands its scope to highly sensitive assets worldwide including financial, military, automotive, pharmaceutical and energy sectors, operating on an Initial Access as a Service model. REFERENCES:...