44 matches found
Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets
Microsoft is calling attention to a novel remote access trojan RAT named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data. The malware contains capabilities to "steal information from the...
Malicious code in ilovenyxxbait (PyPI)
The package acts as an infostealer, exfiltrating sensitive files and credentials from browser databases via Telegram...
Malicious code in ilovenyxx (PyPI)
The package acts as an infostealer, exfiltrating sensitive files and credentials from browser databases via Telegram...
SmokeLoader Malware Exploits MS Office Flaws to Steal Browser Credentials
SmokeLoader malware has resurfaced with enhanced capabilities and functionalities, targeting your personal data...
Cookie-Monster - BOF To Steal Browser Cookies & Credentials
Steal browser cookies for edge, chrome and firefox through a BOF or exe! Cookie-Monster will extract the WebKit master key, locate a browser process with a handle to the Cookies and Login Data files, copy the handles and then filelessly download the target. Once the Cookies/Login Data files are...
Multiple State-Sponsored Groups Exploit WinRAR Vulnerability in Phishing Attacks
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A series of phishing attacks linked to a Russian state-sponsored group, leveraging a WinRAR vulnerability to steal data, including browser credentials via PowerShell commands and exfiltrating it through ...
New open-source infostealer, and reflections on 2023 so far
Welcome to this weeks edition of the Threat Source newsletter. Im covering for Jon this week whilst he takes some well-deserved holiday. Whats on my mind this week? Well, apart from a new horror film that I just read about called "Slotherhouse" where the killer is, um, a sloth I predict nothing b...
CVE-2020-11711
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possibl...
Stealth Soldier: A New Custom Backdoor Targets North Africa with Espionage Attacks
A new custom backdoor dubbed Stealth Soldier has been deployed as part of a set of highly-targeted espionage attacks in North Africa. "Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions such as file exfiltration, screen and microphone recording,...
Titan Stealer: A New Golang-Based Information Stealer Malware Emerges
A new Golang-based information stealer malware dubbed Titan Stealer is being advertised by threat actors through their Telegram channel. "The stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP...
New PHP Version of Ducktail Malware Hijacking Facebook Business Accounts
A PHP version of an information-stealing malware called Ducktail has been discovered in the wild being distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler. "Like older versions .NetCore, the latest version PHP also aims to...
Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums
A previously undocumented "sophisticated" information-stealing malware named BlackGuard is being advertised for sale on Russian underground forums for a monthly subscription of $200. "BlackGuard has the capability to steal all types of information related to Crypto wallets, VPN, Messengers, FTP...
Trellix Global Defenders: Invasion of the Information Snatchers - Protecting against RedLine Infostealer
Trellix Global Defenders: Invasion of the Information Snatchers - Protecting against RedLine Infostealer By Taylor Mullins · February 7, 2022 What information are you storing in your Browsers? Storing credentials and other important information in web browsers is a helpful method to not have to...
CVE-2021-35527
Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions...
CVE-2021-35527
CVE-2021-35527 affects Hitachi ABB Power Grids eSOMS web application password field. The issue is described as insufficiently protected credentials stored by the browser, enabling potential disclosure of user credentials for Hitachi ABB Power Grids eSOMS versions 6.3 and earlier. The advisory ICS...
Hitachi ABB Power Grids eSOMS 安全漏洞
Hitachi ABB Power Grids eSOMS is an application from Hitachi ABB Power Grids. a shift operations management system for the power generation industry. A security vulnerability exists in Hitachi ABB Power Grids eSOMS that stems from a password auto-fill vulnerability in the password field of the...
Revamped HawkEye Keylogger Swoops in on Coronavirus Fears
There’s a new variant of the HawkEye keylogging malware making the rounds, featuring expanded info-stealing capabilities. Its operators are looking to capture the zeitgeist around the novel coronavirus. It’s being distributed using spam that purports to be an “alert” from the Director-General of...
Revamped HawkEye Keylogger Swoops in on Coronavirus Fears
There’s a new variant of the HawkEye keylogging malware making the rounds, featuring expanded info-stealing capabilities. Its operators are looking to capture the zeitgeist around the novel coronavirus. It’s being distributed using spam that purports to be an “alert” from the Director-General of...
Separ Malware Plucks Hundreds of Companies' Credentials in Ongoing Phish
An ongoing phishing campaign is using malicious PDF documents to spread Separ malware and ultimately steal victims’ browser and email credentials. Since the attack started at the end of January, it has affected around 200 companies and over 1,000 individuals, located mainly in Southeast Asia, the...
SharpWeb - .NET 2.0 CLR Project To Retrieve Saved Browser Credentials From Google Chrome, Mozilla Firefox And Microsoft Internet Explorer/Edge
SharpWeb is a .NET 2.0 CLR compliant project that can retrieve saved logins from Google Chrome, Firefox, Internet Explorer and Microsoft Edge. In the future, this project will be expanded upon to retrieve Cookies and History items from these browsers. Usage Usage: .\SharpWeb.exe arg0 arg1 arg2...