Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers. "Attackers achieve...

Torrent for DiCaprio’s “One Battle After Another” Movie Drops Agent Tesla

Bitdefender researchers warn that the torrent for Leonardo DiCaprio’s One Battle After Another is a trap deploying Agent Tesla malware. Learn how the fileless LOTL attack targets unsuspecting Windows users...

Your Shipment Notification is Now a Malware Dropper

Forcepoint X-Labs reports a surge in sophisticated email attacks using obfuscated JavaScript and steganography to deliver dangerous RATs and info-stealers like Formbook and Agent Tesla. Learn how to defend against the threat...

Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger

Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that's being used to deliver via email spam campaigns an array of next-stage payloads ranging from information stealers to remote access trojans since November 2024. Some of the notable malware families...

Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader

A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution," Palo...

New TorNet Backdoor Exploits TOR Network in Advanced Phishing Attack

Advanced phishing campaign targets Poland and Germany, delivering Agent Tesla, Snake Keylogger and newly identified TorNet backdoor via…...

PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks

A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany. The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a...

Cybercriminals Target Polish Businesses with Agent Tesla and Formbook Malware

Cybersecurity researchers have detailed widespread phishing campaigns targeting small and medium-sized businesses SMBs in Poland during May 2024 that led to the deployment of several malware families like Agent Tesla, Formbook, and Remcos RAT. Some of the other regions targeted by the campaigns...

New Phishing Campaign Uses Stealthy JPGs to Drop Agent Tesla

Spanish speakers beware! A new campaign using the Agent Tesla RAT targets Spanish-speaking individuals. Learn how to protect…...

TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks

The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others. "The group made extensive use of steganography by...

Tracing the Footprints of Agent Tesla’s Conspirators

...

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment...

Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware

Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the...

New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks

A new variant of the Agent Tesla malware has been observed delivered via a lure file with the ZPAQ compression format to harvest data from several email clients and nearly 40 web browsers. "ZPAQ is a file compression format that offers a better compression ratio and journaling function compared t...

Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper

A sophisticated phishing campaign is using a Microsoft Word document lure to distribute a trifecta of threats, namely Agent Tesla, OriginBotnet, and RedLine Clipper, to gather a wide range of information from compromised Windows machines. "A phishing email delivers the Word document as an...

Agent Tesla’s New Variant Spreads Through Crafted Excel Files

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A phishing campaign has surfaced, disseminating a new iteration of the Agent Tesla malware through a meticulously crafted Microsoft Excel document. This document exploits a longstanding memory corruption...

New Agent Tesla Variant Uses Excel Exploit to Infect Windows PCs

By Deeba Ahmed FortiGuard Discovers Phishing Campaign Distributing New Agent Tesla Variant to Windows Devices. This is a post from HackRead.com Read the original post: New Agent Tesla Variant Uses Excel Exploit to Infect Windows PCs...

Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant

The Iranian threat actor tracked as APT34 has been linked to a new phishing attack that leads to the deployment of a variant of a backdoor called SideTwist. "APT34 has a high level of attack technology, can design different intrusion methods for different types of targets, and has supply chain...

PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland

Government entities, military organizations, and civilian users in Ukraine and Poland have been targeted as part of a series of campaigns designed to steal sensitive data and gain persistent remote access to the infected systems. The intrusion set, which stretches from April 2022 to July 2023,...

New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware

A new QBot malware campaign is leveraging hijacked business correspondence to trick unsuspecting victims into installing the malware, new findings from Kaspersky reveal. The latest activity, which commenced on April 4, 2023, has primarily targeted users in Germany, Argentina, Italy, Algeria, Spai...