Malicious code in sea-bound-siren (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd5f2d5cc691968b1bb69f12ea7476c618f6432b42976869906df06312b912c0 On npm install, postinstall.js executes a shell pipeline that collects the output of id, os.hostname, the full process environment env | sort, the...

Malicious code in unique-id-64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ab3b19e4bd1602de93ca092a5909f8b69927c01d5a690d3484116024dfc46e2 Package impersonates the well-known sindresorhus/unique-string utility: package.json copies the author block name 'Sindre Sorhus', email...

CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

Unknown threat actors compromised CPUID "cpuid.com", a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. The incident...

Exploit for Out-of-bounds Write in Mediatek Software_Development_Kit

What is Registry Exploit? Phantom-Registry-Exploit-Cve2025-20...

ZigStrike 2.0

ZigStrike is a robust shellcode loader developed in Zig, offering a variety of injection techniques and anti-sandbox features. It leverages compile-time capabilities for efficient shellcode allocation, demonstrating proven success in bypassing advanced security solutions. ZigStrike includes a...

A Deep Dive into the Latest Version of Lumma InfoStealer

Unmasking the Evolving Threat: A Deep Dive into the Latest Version of Lumma InfoStealer with Code Flow Obfuscation By Mohideen Abdul Khader · April 21, 2025 Summary Lumma Stealer, first identified in 2022, remains a significant threat to this day, continuously evolving its tactics, techniques, an...

LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique

The stealer malware known as LummaC2 aka Lumma Stealer now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate valuable information from infected hosts. The method is designed to "delay detonation of the sample until...

BunnyLoader: The New Malware-as-a-Service Threat

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary BunnyLoader is a Malware-as-a-Service threat, boasting advanced features like anti-sandbox techniques, keylogging, stealing data, cryptocurrency wallets, and remote command execution, posing risks to...

BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground

Cybersecurity experts have discovered yet another malware-as-a-service MaaS threat called BunnyLoader that's being advertised for sale on the cybercrime underground. "BunnyLoader provides various functionalities such as downloading and executing a second-stage payload, stealing browser credential...

DeathRansom - A Ransomware Developed In Python, With Bypass Technics, For Educational Purposes

What is a ransomware? A ransomware is malware that encrypts all your files and shows a ransom request, which tells you to pay a set amount, usually in bitcoins BTC, in a set time to decrypt your files, or he will delete your files. How it works? First, the script checks if it's in a sandbox,...

Delphi Packer Looks for Human Behavior Before Deploying Payload

As bad actors continue to innovate in the area of sandbox evasion, the use of the Delphi programming language to pack malware code has become more and more prevalent. Researchers recently observed several spam campaigns using a specific packer written in Delphi that goes to great lengths to hunt...

Energy-warning! Be wary EnMiner mining kill-vulnerability warning-the black bar safety net

Recently, sangfor found a high strength of the virus against the behavior of the new mining virus, its viral mechanisms and conventional mining large difference, once infected, the cleanup is extremely difficult. Currently the virus in the outbreak early, sangfor has this virus named EnMiner mini...

Locky ransomware adds anti sandbox feature (updated)

By Marcelo Rivero and Jérôme Segura The Locky ransomware has been very active since its return which we documented in a previous blog post. There are several different Locky campaigns going on at the same time, the largest being the one from affiliate ID 3 which comes with malicious ZIP containin...

SmoothCriminal: Sandbox Detection Via Cursor Speeds!

PenTestIT RSS Feed It's that exciting time of the year folks when new people from the security walks of life throng to casinos in the desert. Yes! I am talking about Black Hat, BSidesLV, DefCon. Bringing to you a part of utility that will be completely released at BSidesLV - SmoothCriminal, which...