39 matches found

HackRead
added yesterday, 2 views

Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware

Hackers are using a fake Claude Code guide and AI PDFs to spread AsyncRAT malware via a Windows attack using PowerShell and Defender exclusions...

AI score: 5.4
Exploits: 0

Malwarebytes
added 2026/02/05 1:48 p.m., 5 views

Open the wrong “PDF” and attackers gain remote access to your PC

Cybercriminals behind a campaign dubbed DEADVAX are taking phishing one step further by delivering malware inside virtual hard disks that pretend to be ordinary PDF documents. Open the wrong “invoice” or “purchase order” and you won't see a document at all. Instead, Windows mounts a virtual drive...

AI score: 5.6
Exploits: 0

The Hacker News
added 2025/09/11 6:2 a.m., 5 views

AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto

Cybersecurity researchers have disclosed details of a new campaign that leverages ConnectWise ScreenConnect, a legitimate Remote Monitoring and Management (RMM) software, to deliver a fileless loader that drops a remote access trojan (RAT) called AsyncRAT to steal sensitive data from compromised...

AI score: 7.1
Exploits: 0

HackRead
added 2025/09/10 4:3 p.m., 4 views

New Fileless Malware Attack Uses AsyncRAT for Credential Theft

LevelBlue Labs reports AsyncRAT delivered through a fileless attack chain using ScreenConnect, enabling credential theft and persistence...

AI score: 7
Exploits: 0

The Hacker News
added 2025/08/21 10:41 a.m., 4 views

Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger

Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that's being used to deliver via email spam campaigns an array of next-stage payloads ranging from information stealers to remote access trojans since November 2024. Some of the notable malware families...

AI score: 7.7
Exploits: 0

Securelist
added 2025/08/19 10:0 a.m., 10 views

GodRAT – New RAT targeting financial institutions

Summary: In September 2024, we detected malicious activity targeting financial trading and brokerage firms through the distribution of malicious .scr screen saver files disguised as financial documents via Skype messenger. The threat actor deployed a newly identified Remote Access Trojan (RAT) named...

AI score: 7.9
Exploits: 0

The Hacker News
added 2025/07/15 10:53 a.m., 5 views

AsyncRAT's Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe

Cybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT, which was first released on GitHub in January 2019 and has since served as the foundation for several other variants. "AsyncRAT has cemented its place as a cornerstone of modern malware an...

AI score: 7.4
Exploits: 0

Malwarebytes
added 2025/06/09 7:14 a.m., 14 views

A week in security (June 1 – June 7)

Last week on Malwarebytes Labs: What does Facebook know about me? Lock and Code S06E11 Victims risk AsyncRAT infection after being redirected to fake Booking.com sites Juice jacking warnings are back, with a new twist The North Face warns customers about potentially stolen data Scammers are...

AI score: 7.4
Exploits: 0

Malwarebytes
added 2025/06/02 1:0 p.m., 11 views

Victims risk AsyncRAT infection after being redirected to fake Booking.com sites

Cybercriminals have started a campaign of redirecting links placed on gaming sites and social media—and as sponsored ads—that lead to fake websites posing as Booking.com. According to Malwarebytes research, 40% of people book travel through a general online search, creating a lot of opportunities...

AI score: 7.2
Exploits: 0

HackRead
added 2025/04/21 5:45 p.m., 24 views

Booking.com Phishing Scam Uses Fake CAPTCHA to Install AsyncRAT

Fake Booking.com emails trick hotel staff into running AsyncRAT malware via fake CAPTCHA, targeting systems with remote access…

AI score: 7.5
Exploits: 0

The Hacker News
added 2025/03/18 10:24 a.m., 35 views

China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation

Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL. The attack, detected by ESET in late August 2024, singled out a Centr...

AI score: 7.3
Exploits: 0

The Hacker News
added 2025/03/10 12:50 p.m., 16 views

Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links

The Middle East and North Africa have become the target of a new campaign that delivers a modified version of a known malware called AsyncRAT since September 2024. "The campaign, which leverages social media to distribute malware, is tied to the region's current geopolitical climate," Positive...

AI score: 6.5
Exploits: 0

The Hacker News
added 2025/02/05 9:40 a.m., 21 views

AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks

A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels. "AsyncRAT is a remote access trojan (RAT) that exploits the async/await pattern for efficient, asynchronous communication," Forcepoint X-Labs...

CVSS: 6.5 | AI score: 8 | EPSS: 0.59323
Exploits: 1

Rapid7 Blog
added 2024/11/21 5:19 p.m., 18 views

A Bag of RATs: VenomRAT vs. AsyncRAT

Introduction: Remote access tools (RATs) have long been a favorite tool for cyber attackers, since they enable remote control over compromised systems and facilitate data theft, espionage, and continuous monitoring of victims. Among the well-known RATs are VenomRAT and AsyncRAT. These are open-sourc...

AI score: 7.1
Exploits: 0

The Hacker News
added 2024/07/22 6:45 a.m., 27 views

SocGholish Malware Exploits BOINC Project for Covert Cyberattacks

The JavaScript downloader malware known as SocGholish (aka FakeUpdates) is being used to deliver a remote access trojan called AsyncRAT as well as a legitimate open-source project called BOINC. BOINC, short for Berkeley Open Infrastructure Network Computing Client, is an open-source "volunteer...

AI score: 7.9
Exploits: 0

Packet Storm
added 2024/05/14 12:0 a.m., 428 views

Backdoor.Win32.AsyncRat MVID-2024-0683 Code Execution

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024. Original source: https://malvuln.com/advisory/2337b9a12ecf50b94fc95e6ac34b3ecc.txt. Contact: [email protected]. Media: twitter.com/malvuln. Threat: Backdoor.Win32.AsyncRat. Vulnerability: Arbitrary Code Execution. Description: The malware...

AI score: 7.4
Exploits: 0

The Hacker News
added 2024/01/09 8:17 a.m., 56 views

Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer

Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma. "These YouTube videos typically feature content related to cracked applications, presenting users with similar...

AI score: 6.8
Exploits: 0

HackRead
added 2024/01/08 5:37 p.m., 31 views

AsyncRAT Infiltrates Key US Infrastructure Through GIFs and SVGs

By Deeba Ahmed. Undetected for Over 11 Months, AsyncRAT Lurked on Systems of Sensitive US Agencies with Critical Infrastructures, reports the…

AI score: 7.4
Exploits: 0

Trend Micro Simply Security
added 2023/12/11 12:0 a.m., 14 views

Analyzing AsyncRAT's Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases

This blog entry delves into MxDR's unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications...

AI score: 7.3
Exploits: 0

Hive Pro Threat Advisories
added 2023/12/07 12:27 p.m., 11 views

A New Face of AsyncRAT Utilizes WSF Scripts to Spread

Summary: AsyncRAT is a remote access trojan (RAT) malware known for stealing credentials and executing various malicious activities since 2019. Its recent variant, distributed through WSF script files, employs sophisticated fileless techniques, emphasizing the importance of user caution and robust...

AI score: 7.5
Exploits: 0