25 matches found
Under the Hood of BlotchyQuasar: DLL-Based RAT Campaigns against Latin America
A sophisticated malspam campaign was recently uncovered targeting Latin American countries, with a particular focus on Brazil. This operation utilizes a highly deceptive phishing email to trick users into executing a malicious MSI file, initiating a multi-stage infection. The core of the attack...
A Bag of RATs: VenomRAT vs. AsyncRAT
Introduction Remote access tools (RATs) have long been a favorite tool for cyber attackers, since they enable remote control over compromised systems and facilitate data theft, espionage, and continuous monitoring of victims. Among the well-known RATs are VenomRAT and AsyncRAT. These are open-sourc...
Malicious code in roblox-ts-core (npm)
This package contains a malicious postinstall script which downloads further payloads and delivers QuasarRAT. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53e846a11945248574678fe65e4f8cd5b4a766ff129c761b615aef0f0c595fa5 Any computer that has this package installe...
MAL-2024-7792 Malicious code in roblox-ts-core (npm)
This package contains a malicious postinstall script which downloads further payloads and delivers QuasarRAT. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53e846a11945248574678fe65e4f8cd5b4a766ff129c761b615aef0f0c595fa5 Any computer that has this package installe...
Malicious code in noblox.ts-core (npm)
This package is considered malicious because it contains a heavily obfuscated postinstall.js script with multiple stages of payload execution, resulting in the delivery of QuasarRAT. This allows command and control by a malicious actor. --- -= Per source details. Do not edit below this line.=-...
MAL-2024-7769 Malicious code in noblox.ts-core (npm)
This package is considered malicious because it contains a heavily obfuscated postinstall.js script with multiple stages of payload execution, resulting in the delivery of QuasarRAT. This allows command and control by a malicious actor. --- -= Per source details. Do not edit below this line.=-...
Malicious code in noblox-cores-ts (npm)
This package is considered malicious because it contains a heavily obfuscated postinstall.js script with multiple stages of payload execution, resulting in the delivery of QuasarRAT. This allows command and control by a malicious actor. --- -= Per source details. Do not edit below this line.=-...
Malicious code in noblox-core-ts (npm)
This package is considered malicious because it contains a heavily obfuscated postinstall.js script with multiple stages of payload execution, resulting in the delivery of QuasarRAT. This allows command and control by a malicious actor...
MAL-2024-7726 Malicious code in noblox-core-ts (npm)
This package is considered malicious because it contains a heavily obfuscated postinstall.js script with multiple stages of payload execution, resulting in the delivery of QuasarRAT. This allows command and control by a malicious actor...
Malicious code in noblox-ts (npm)
This package is considered malicious because it contains a heavily obfuscated postinstall.js script with multiple stages of payload execution, resulting in the delivery of QuasarRAT. This allows command and control by a malicious actor. --- -= Per source details. Do not edit below this line.=-...
MAL-2024-7462 Malicious code in noblox-ts (npm)
This package is considered malicious because it contains a heavily obfuscated postinstall.js script with multiple stages of payload execution, resulting in the delivery of QuasarRAT. This allows command and control by a malicious actor. --- -= Per source details. Do not edit below this line.=-...
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader
By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White. Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we're calling "LilacSquid." LilacSquid's victimology includes a diverse...
Snip3 Crypter an Advanced RAT Loader Targeting Multiple Industries
Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary A multi-stage remote access trojan (RAT) loader called Snip3 crypter was recently discovered deploying RAT families, including QuasarRAT and DcRAT, to target victims...
Threat Round up for January 13 to January 20
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 13 and Jan. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families
Cybersecurity researchers have dissected the inner workings of an information-stealing malware called Saintstealer that's designed to siphon credentials and system information. "After execution, the stealer extracts username, passwords, credit card details, etc.," Cyble researchers said in an...
Trellix Global Defenders: LAPSUS$ Data Breaches and Proactive Protections
Trellix Global Defenders: LAPSUS$ Data Breaches and Proactive Protections By Taylor Mullins · March 23, 2022 Trellix is continuing to monitor the threat activity related to the LAPSUS$ threat group and their recent breaches of large organizations such as NVIDIA, Samsung, Microsoft, and Okta. This...
Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India
Cisco Talos recently discovered a threat actor using political and government-themed malicious domains to target entities in India and Afghanistan. These attacks use dcRAT and QuasarRAT for Windows delivered via malicious documents exploiting CVE-2017-11882 — a memory corruption vulnerability in...
Hackers are implanting multiple backdoors at industrial targets in Japan
Cybersecurity researchers on Tuesday disclosed details of a sophisticated campaign that deploys malicious backdoors for the purpose of exfiltrating information from a number of industry sectors located in Japan. Dubbed "A41APT" by Kaspersky researchers, the findings delve into a new slew of attac...
APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies
China-backed APT Cicada joins the list of threat actors leveraging the Microsoft Zerologon bug to stage attacks against their targets. In this case, victims are large and well-known Japanese organizations and their subsidiaries, including locations in the United States. Researchers observed a...