89 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-24391

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.01054 EPSS
Exploits 0 | References 1
The Hacker News
added 2025/04/18 12:3 p.m. | 37 views

Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader

A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution," Palo...

7.8 CVSS | 7.6 AI score | 0.91507 EPSS
Exploits 11
The Hacker News
added 2025/02/19 12:45 p.m. | 9 views

New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection

A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain. Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of...

7.4 AI score
Exploits 0
HackRead
added 2025/02/18 4:20 p.m. | 8 views

Snake Keylogger Variant Hits Windows, Steals Data via Telegram Bots

The New Snake Keylogger variant targets Windows users via phishing emails, using AutoIt for stealth. Learn how it…...

7.4 AI score
Exploits 0
HackRead
added 2024/10/09 4:55 p.m. | 12 views

New Crypto Trojan.AutoIt.1443 Hits 28,000 Users via Game Cheats, Office Tool

Trojan.AutoIt.1443 targets 28,000 users, spreading via game cheats and office tools. This cryptomining and cryptostealing malware bypasses antivirus…...

7.3 AI score
Exploits 0
Trellix
added 2024/08/29 12:0 a.m. | 10 views

Unmasking ViperSoftX: In-Depth Defense Strategies Against AutoIt-Powered Threats

Trellix Global Defenders: Unmasking ViperSoftX: In-Depth Defense Strategies Against AutoIt-Powered Threats By James Murphy · August 29, 2024 There’s a common misconception that threat actors must always write complicated and custom code in every piece of their malware, skilfully evading defenses,...

7.1 AI score
Exploits 0
The Hacker News
added 2024/07/10 5:35 a.m. | 18 views

ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell...

7.6 AI score
Exploits 0
Trellix
added 2024/07/09 12:0 a.m. | 7 views

The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution

The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution By Sijo Jacob · July 9, 2024 This blog was also written by Mathanraj Thangaraju Threat Summary In the dynamic landscape of cyber threats, ViperSoftX has emerged as a highly sophisticated malware, adept at...

7.2 AI score
Exploits 0
The Hacker News
added 2024/06/10 5:29 a.m. | 12 views

Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus

Cybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf that has been linked to cyber attacks targeting entities in Russia and Belarus. The phishing attacks were aimed at a pharmaceutical company, a Russian research institute dealing with microbiology and vacci...

7.2 AI score
Exploits 0
vulnersOsv
added 2024/05/03 6:30 p.m. | 2 views

afs-file-validator (=1.0.1), apkutils (>=1.0.2 <=1.0.4) +28 more potentially affected by CVE-2024-31636 via lief (>=0.10.1 <=0.14.1)

lief PYPI version =0.10.1, =1.0.2, =1.0.0, =0.0.0, =0.4.2, =0.0.1, =2024.9.24, =5.0.0, =1.0.0, =0.0.1, =0.0.1, =2.0.1, =1.2.0, =1.5.0 and more Source cves: CVE-2024-31636 Source advisory: OSV:GHSA-377P-G8GR-5WPG...

3.9 CVSS | 5.8 AI score | 0.00099 EPSS
Exploits 1
Tenable Nessus
added 2024/02/14 12:0 a.m. | 17 views

Cisco Secure Endpoint DoS (cisco-sa-clamav-dos-FTkhqMWZ)

A vulnerability in the Cisco Secure Endpoint AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error in the memory management of an affected device. An attacker could explo...

7.5 CVSS | 7.2 AI score | 0.01054 EPSS
Exploits 0 | References 4
Malwarebytes
added 2023/10/23 12:22 p.m. | 12 views

Battling a new DarkGate malware campaign with Malwarebytes MDR

First publicly reported in 2018, DarkGate is a Windows-based malware with a wide range of capabilities including credential stealing and remote access to victim endpoints. Until recently, it was only seen being delivered through traditional email malspam campaigns. In late August 2023, however,...

7 AI score
Exploits 0
The Hacker News
added 2023/10/20 1:28 p.m. | 26 views

Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware

Attacks leveraging the DarkGate commodity malware targeting entities in the U.K., the U.S., and India have been linked to Vietnamese actors associated with the use of the infamous Ducktail stealer. "The overlap of tools and campaigns is very likely due to the effects of a cybercrime marketplace,"...

6.9 AI score
Exploits 0
The Hacker News
added 2023/10/13 10:36 a.m. | 50 views

DarkGate Malware Spreading via Messaging Services Posing as PDF Files

A piece of malware known as DarkGate has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams. In these attacks, the messaging apps are used to deliver a Visual Basic for Applications (VBA) loader script that masquerades as a PDF document, which, when opened,...

7 AI score
Exploits 0
Malwarebytes
added 2023/09/12 4:0 a.m. | 13 views

Microsoft Teams used to deliver DarkGate Loader malware

Researchers have found a new method by which cybercriminals are spreading the DarkGate Loader malware. Until now, DarkGate was typically distributed via phishing emails. The malspam campaign used stolen email threads to lure victims into clicking a hyperlink, which downloaded the malware. But...

7.3 AI score
Exploits 0
Mageia
added 2023/09/11 1:7 p.m. | 43 views

Updated clamav packages fix security vulnerability

A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is...

7.5 CVSS | 6.7 AI score | 0.01054 EPSS
Exploits 0 | References 1
OSV
added 2023/09/11 1:7 p.m. | 4 views

MGASA-2023-0257 Updated clamav packages fix security vulnerability

A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is...

7.5 CVSS | 7.3 AI score | 0.01054 EPSS
Exploits 0 | References 2
OpenVAS
added 2023/09/11 12:0 a.m. | 13 views

Mageia: Security Advisory (MGASA-2023-0257)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.7 AI score | 0.01054 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2023/09/04 12:0 a.m. | 35 views

ClamAV 1.x < 1.0.2 DoS

A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability ...

7.5 CVSS | 7.3 AI score | 0.01054 EPSS
Exploits 0 | References 2
Veracode
added 2023/08/30 5:10 p.m. | 19 views

Denial Of Service (DoS)

clamav is vulnerable to Denial Of Service (DoS). The vulnerability exists due to a logic error in memory management, which allows an attacker to cause the ClamAV scanning process to restart unexpectedly by submitting a maliciously crafted AutoIt file, resulting in a DoS condition...

7.5 CVSS | 6.6 AI score | 0.01054 EPSS
Exploits 0 | References 3 | Affected Software 2