123 matches found
HelloNet campaign — new malicious modules launched through the ViPNet update system
UPD 16.07.2026: Added rules to protect companies using our SIEM system Kaspersky SIEM, and listed events for developing custom detection rules or conducting Threat hunting. UPD 16.07.2026: Added detection of the malicious activity using Kaspersky Managed Detection and Response. UPD 16.07.2026:...
Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT
A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The multi-stage campaign, codenamed Operation DragonReturn by...
The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign
UPD 03.07.2026: added a package of rules and recommendations that help detect the described malicious activity for companies using our Kaspersky SIEM system. Introduction To access compromised systems, threat actors frequently abuse legitimate remote monitoring tools. At first glance, these...
Mustang Panda Hits India and S. Korea with Updated LOTUSLITE Backdoor
Acronis reveals Mustang Panda is using an updated version of LOTUSLITE backdoor to target Indian banks and Korean diplomats. Learn how this DLL sideloading attack works...
Fake Claude AI Installer Targets Windows Users with PlugX Malware
Fake Claude AI installer mimicking Anthropic spreads PlugX malware on Windows, using DLL sideloading to gain persistent remote access to infected systems...
Windows-privilege-exploits
Elevation !Windowshttps://img.shields.io/badge/platform-Wi...
JanelaRAT: a financial threat targeting users in Latin America
Background JanelaRAT is a malware family that takes its name from the Portuguese word "janela" which means "window". JanelaRAT looks for financial and cryptocurrency data from specific banks and financial institutions in the Latin America region. JanelaRAT is a modified variant of BX RAT that has...
Android Developer Verification Rollout Begins Ahead of September Enforcement
Google on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while "hiding behind anonymity." The development comes ahead of a planned verification mandate that goes into effect in Brazil, Indonesi...
A week in security (March 23 – March 29)
Last week on Malwarebytes Labs: Criminals are renting virtual phones to bypass bank security Bogus Avast website fakes virus scan, installs Venom Stealer instead Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka GlassWorm attack installs fake browser extension for...
CVE-2026-33156
ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...
Advanced Flow will make Android sideloading safer
Google has announced the introduction of Advanced Flow, designed to let Android users install apps from unverified developers more safely than before. This process is known as sideloading. It means installing an app on your device from somewhere other than the Google Play store, usually by...
CVE-2026-33156
ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...
CVE-2026-33156
CVE-2026-33156 affects ScreenToGif (portable versions up to 2.42.1). The flaw is DLL sideloading through version.dll: when run from a user-writable directory, the executable loads version.dll from its own directory instead of Windows System32, enabling arbitrary code execution in the user’s conte...
CVE-2026-33156
ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...
CVE-2026-33156 DLL Sideloading in ScreenToGif
ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...
EUVD-2026-13793
ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...
CVE-2026-33156 DLL Sideloading in ScreenToGif
ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...
CVE-2026-33156 DLL Sideloading in ScreenToGif
ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...
Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification mandate the tech...
PT-2026-26676
ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...