All You Need to Know About Emotet in 2022
For 6 months, the infamous Emotet botnet has shown almost no activity, and now it's distributing malicious spam. Let's dive into details and discuss all you need to know about the notorious malware to combat it. Why is everyone scared of Emotet? Emotet is by far one of the most dangerous trojans...
Ecommerce 1.0 Cross Site Scripting / Open Redirect
Title: Ecommerse-1.0 XSS-Reflected Hijack-credentials - JavaScript Injection Author: nu11secur1ty Date: 11.23.2022 Vendor: https://github.com/winston-dsouza Software: https://github.com/winston-dsouza/ecommerce-website Reference:...
Aurora Botnet evolves into a Stealer
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Aurora was first discovered in Russian-speaking underground forums and was capable of stealing, downloading, and gaining remote access. A threat actor by the name of Cheshire is selling this...
Researchers Warn of Cyber Criminals Using Go-based Aurora Stealer Malware
A nascent Go-based malware known as Aurora Stealer is being increasingly deployed as part of campaigns designed to steal sensitive information from compromised hosts. "These infection chains leveraged phishing pages impersonating download pages of legitimate software, including cryptocurrency...
RapperBot Campaign Launches DDoS Attacks on Game Servers
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The new RapperBot malware version creates a botnet capable of launching Distributed Denial of Service (DDoS) attacks. The latest version can launch Telnet brute-force strikes, DoS attacks using the Generic...
FBI-Wanted Leader of the Notorious Zeus Botnet Gang Arrested in Geneva
A Ukrainian national who has been wanted by the U.S. for over a decade has been arrested by Swiss authorities for his role in a notorious cybercriminal ring that stole millions of dollars from victims' bank accounts using malware called Zeus. Vyacheslav Igorevich Penchukov, who went by online...
Warning: New RapperBot Campaign Aims to Launch DDoS Attacks at Game Servers
Cybersecurity researchers have unearthed new samples of malware called RapperBot that are being used to build a botnet capable of launching Distributed Denial of Service (DDoS) attacks against game servers. "In fact, it turns out that this campaign is less like RapperBot than an older campaign that...
Top Zeus Botnet Suspect “Tank” Arrested in Geneva
Vyacheslav "Tank" Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources. Wanted Ukrainian...
New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks
A newly discovered evasive malware leverages the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks. Dubbed KmsdBot by the Akamai Security Intelligence Response Team (SIRT), t...
Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network
The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet. Called Cloud9 by security firm Zimperium, the malicious browser add-...
Fodcha DDoS Botnet Resurfaces with New Capabilities
The threat actor behind the Fodcha distributed denial-of-service (DDoS) botnet has resurfaced with new capabilities, researchers reveal. This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target,...
Threat Roundup for October 21 to October 28
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 21 and Oct. 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
British Hacker Charged for Operating "The Real Deal" Dark Web Marketplace
A 34-year-old U.K. national has been arraigned in the U.S. for operating a dark web marketplace called The Real Deal that specialized in the sales of hacking tools and stolen login credentials. Daniel Kaye, who went by a litany of pseudonyms Popopret, Bestbuy, UserL0ser, and Spdrman, has been...
Emotet Botnet Distributing Self-Unlocking Password-Protected RAR Files to Drop Malware
The notorious Emotet botnet has been linked to a new wave of malspam campaigns that take advantage of password-protected archive files to drop CoinMiner and Quasar RAT on compromised systems. In an attack chain detected by Trustwave SpiderLabs researchers, an invoice-themed ZIP file lure was foun...
Mirai Botnet Hits Wynncraft Minecraft Server with 2.5 Tbps DDoS Attack
Web infrastructure and security company Cloudflare disclosed this week that it halted a 2.5 Tbps distributed denial-of-service (DDoS) attack launched by a Mirai botnet. Characterizing it as a "multi-vector attack consisting of UDP and TCP floods," researcher Omer Yoachimik said the DDoS attack...
Massive Multi-Vector 1.37 Tbps DDoS Attack Mitigated by Imperva DDoS Protection
On July 22, an Imperva customer was targeted by a network DDoS attack that reached a maximum bandwidth of 1.37 trillion bits per second (Tbps), making it one of the largest attacks that Imperva has stopped and one of the larger DDoS attacks on record. The attack lasted a little over two hours in...
Exploit for Incorrect Calculation in Moodle
Proof of concept for CVE-2022-30600 Overview This rep...
New Malware Campaign Targeting Job Seekers with Cobalt Strike Beacons
A social engineering campaign leveraging job-themed lures is weaponizing a years-old remote code execution flaw in Microsoft Office to deploy Cobalt Strike beacons on compromised hosts. "The payload discovered is a leaked version of a Cobalt Strike beacon," Cisco Talos researchers Chetan...
Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems
A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. "Chaos functionality includes the ability to enumerate the host...
Threat Roundup for September 16 to September 23
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 16 and Sept. 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...