SocGholish Malware Exploits BOINC Project for Covert Cyberattacks

The JavaScript downloader malware known as SocGholish aka FakeUpdates is being used to deliver a remote access trojan called AsyncRAT as well as a legitimate open-source project called BOINC. BOINC, short for Berkeley Open Infrastructure Network Computing Client, is an open-source "volunteer...

Indian Software Firm's Products Hacked to Spread Data-Stealing Malware

Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to distribute information-stealing malware. The installers correspond to Notezilla, RecentX, and Copywhiz, according to cybersecurity firm Rapid7, which discovered the supply...

Warning: New Adware Campaign Targets Meta Quest App Seekers

A new campaign is tricking users searching for the Meta Quest formerly Oculus application for Windows into downloading a new adware family called AdsExhaust. "The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes,"...

Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware

The nascent malware known as SSLoad is being delivered by means of a previously undocumented loader called PhantomLoader, according to findings from cybersecurity firm Intezer. "The loader is added to a legitimate DLL, usually EDR or AV products, by binary patching the file and employing...

Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware

Introduction Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity leveraging this vulnerability to deliver malware, which we have now identified to be a part of the...

Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal

Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm. "This exploit triggers security warnings that could deceive unsuspecting users into executing harmful...

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns

Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized...

Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January. The large-scale phishing attacks, likely facilitated by other cybercriminals via a malware-as-a-service MaaS model, target ove...

Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls

Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for follow-on exploitation. "The incident involves a threat actor overwhelming a user's email with junk and...

SimpleNetwork 安全漏洞

SimpleNetwork is the Simple TCP service. A security vulnerability exists in SimpleNetwork version 29bc615 and earlier, which stems from a security issue in TCPServer.cpp that can cause a buffer overflow via a crafted TCP packet...

Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver a malware called SSLoad. The campaign, codenamed FROZENSHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software...

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the...

Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox

Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. "Latrodectus is an up-and-coming downloader with various sandbox evasion functionality," researchers from Proofpoint and Team Cymru said...

Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems

The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index PyPI repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been...

SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks

Cybersecurity researchers have shed light on the command-and-control C2 server workings of a known malware family called SystemBC. "SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control C2 server, and a web administration...

Npm Trojan Bypasses UAC, Installs AnyDesk with "Oscompatible" Package

A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines. The package, named "oscompatible," was published on January 9, 2024, attracting a total of 380 downloads before it was taken down. oscompatible included ...

Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals

Threat actors operating under the name Anonymous Arabic have released a remote access trojan RAT called Silver RAT that's equipped to bypass security software and stealthily launch hidden applications. "The developers operate on multiple hacker forums and social media platforms, showcasing an...

RansomwareSim - A Simulated Ransomware

Overview RansomwareSim is a simulated ransomware application developed for educational and training purposes. It is designed to demonstrate how ransomware encrypts files on a system and communicates with a command-and-control server. This tool is strictly for educational use and should not be use...

New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world. The activity cluster, which employs JavaScript web injections, is estimated to have led t...

CVE-2023-46262

An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery SSRF in Ivanti Avalanche Remote Control server...