browsersploit

This is an advanced browser exploit pack for internal and external pentesting, aiming to gain access to internal computers. The tool is not for script kiddies or non-advanced coders, as it contains bugs and is intended for experienced users. The pack includes various techniques to bypass antiviru...

Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries

Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d. The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of...

Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques

Cybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows systems. "The NonEuclid remote access trojan RAT, developed in C, is a highly sophisticated malware offering unauthorised remote access with...

Darcula Phishing Network Leveraging RCS and iMessage to Evade Detection

A sophisticated phishing-as-a-service PhaaS platform called Darcula has set its sights on organizations in over 100 countries by leveraging a massive network of more than 20,000 counterfeit domains to help cyber criminals launch attacks at scale. "Using iMessage and RCS rather than SMS to send te...

ExelaStealer A New Entrant in the InfoStealer Landscape

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary ExelaStealer is a newly discovered InfoStealer malware that emerged in August 2023. Its distinctive feature lies in being an open-source tool, customizable for a fee. Primarily coded in Python,...

FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection

An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware. "The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion along with the Windows Process Explorer driver for...

Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities

Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities. Mandiant, which discovered the "socially engineered supply chain" attack around mid-July 2022, said the malicious I...

This New Fileless Malware Hides Shellcode in Windows Event Logs

A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild. "It allows the 'fileless' last stage trojan to be hidden from plain sight in the file system," Kaspersky researcher Denis Legezo said in a technical write-...

Attackers Use Event Logs to Hide Malware

Researchers have discovered a malicious campaign utilizing a never-before-seen technique for quietly planting fileless malware on target machines. The technique involves injecting shellcode directly into Windows event logs. This allows adversaries to use the Windows event logs as a cover for...

A new secret stash for “fileless” malware

In February 2022 we observed the technique of putting the shellcode into Windows event logs for the first time "in the wild" during the malicious campaign. It allows the "fileless" last stage Trojan to be hidden from plain sight in the file system. Such attention to the event logs in the campaign...

Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection

The Chinese advanced persistent threat APT Mustang Panda a.k.a. Temp.Hex, HoneyMyte, TA416 or RedDelta has upgraded its espionage campaign against diplomatic missions, research entities and internet service providers ISPs – largely in and around Southeast Asia. For one thing, the APT has deployed...

redpill

This is a PowerShell module repository called "redpill" that provides various post-exploitation tools for Windows systems. The repository contains several scripts that can be used to perform different tasks such as: Bypassing AppLocker restrictions Hijacking browser cookies Downloading and...

Lemon Duck Cryptojacking Botnet Changes Up Tactics

The Lemon Duck cryptocurrency-mining botnet has added the ProxyLogon group of exploits to its bag of tricks, targeting Microsoft Exchange servers. That’s according to researchers at Cisco Talos, who said that the cybercrime group behind Lemon Duck has also added the Cobalt Strike attack framework...

What did DeathStalker hide between two ferns?

DeathStalker is a threat actor thats been active since at least 2012, and we exposed most of their past activities in a previous article, as well as during a GREAT Ideas conference in August 2020. The actor drew our attention in 2018 because of distinctive attack characteristics that didnt fit in...

MacOS Users Targeted By OceanLotus Backdoor

A macOS backdoor variant has been uncovered that relies of multi-stage payloads and various updated anti-detection techniques. Researchers linked it to the OceanLotus advanced persistent threat APT group. The Vietnam-backed OceanLotus also known as APT 32 has been around since at least 2013, and...

Oracle Solaris Zero-Day Attack Revealed

A previously known threat group, called UNC1945, has been compromising telecommunications companies and targeting financial and professional consulting industries, by exploiting a security flaw in Oracle’s Solaris operating system. Researchers said that the group was exploiting the bug when it wa...

Spyware Labeled 'TikTok Pro' Exploits Fears of U.S. Ban

Researchers have discovered a new Android spyware campaign pushing a “Pro” version of the TikTok app that is exploiting fears among its young and gullible users that the popular social media app is on the cusp of being banned in the United States. The malware can take over basic device...

Naikon APT Hid Five-Year Espionage Attack Under Radar

After five years under the radar, the Naikon APT group has been unmasked in a long-term espionage campaign against several governments in the Asia-Pacific region. The Chinese APT group was first uncovered by Kaspersky researchers in 2015, in attacks against top-level government agencies around th...

Joker Spyware Found in 24 Google Play Apps

A new spyware has been making the rounds in Android apps on Google Play, infecting victims post-download to steal their SMS messages, contact lists and device information. In addition to stealing victims’ information, the malware also stealthily signs them up for premium service subscriptions tha...

It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign

This blog was authored by Danny Adamitis, David Maynor and Kendall McKay. Executive summary Cisco Talos recently identified a series of documents that we believe are part of a coordinated series of cyber attacks that we are calling the "Frankenstein" campaign. We assess that the attackers carried...