Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware

Cybersecurity researchers have disclosed details of a new campaign that has used cracked software distribution sites as a distribution vector for a new version of a modular and stealthy loader known as CountLoader. The campaign "uses CountLoader as the initial tool in a multistage attack for...

RedTeam-Penetration-Test-UNF

UNF Penetration Testing Report – Red Team Engagement This rep...

XWorm V6: Exploring Pivotal Plugins

XWorm V6: Exploring Pivotal Plugins By Niranjan Hegde and Sijo Jacob · October 2, 2025 Introduction In the constantly evolving world of cyber threats, staying informed is not just an advantage; it's a necessity. First observed in 2022, XWorm quickly gained notoriety as a highly effective malware,...

An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps

Trend™ Research analyzed a campaign distributing Atomic macOS Stealer AMOS, a malware family targeting macOS users. Attackers disguise the malware as “cracked” versions of legitimate apps, luring users into installation...

Hiding behind a password

What do your passwords say about you? It’s surprisingly personal. User generated passwords can reveal more than you might expect, including frustration, humour, and even how someone feels about their job. My password manager database has over 350 entries. I have chosen or generated all of them wi...

Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings

Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. "One such project, officepackage, on the mai...

AMOS and Lumma stealers actively spread to Reddit users

We were alerted to Mac and Windows stealers currently distributed via Reddit posts targeting users engaging in cryptocurrency trading. One of the common lures is a cracked software version of the popular trading platform TradingView. The crooks are posting links to both Windows and Mac installers...

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer

Cybersecurity researchers are warning of a new campaign that leverages cracked versions of software as a lure to distribute information stealers like Lumma and ACR Stealer. The AhnLab Security Intelligence Center ASEC said it has observed a spike in the distribution volume of ACR Stealer since...

Wordpress Paid Membership Pro Code Unauthenticated SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Paid Membership Pro code Unauthenticated SQLi', 'Description' = %q Paid Membership Pro, a WordPress plugin, prior to 2.9.8 is affected ...

ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime CLR to dynamically load and run PowerShell commands, thereby creating a PowerShell...

NiceRAT Malware Targets South Korean Users via Cracked Software

Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license...

Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer

Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro. The campaign, codenamed gitgub, includes 17 repositories associated with 11 different accounts, according to G DATA. The repositories in...

New macOS Backdoor Stealthily Stealing Cryptowallets

Summary: MacOS users have reported infections resulting from the use of cracked software, exposing a previously undisclosed stealer malware that has the capability to collect data from cryptocurrency wallets and system configurations. Threat Level - Amber | Attack Report For a detailed threat...

NS-STEALER Utilizes Discord Bots for Covert Exfiltration of Sensitive Data

Summary: A recently discovered Java-based information stealer, named NS-STEALER, employs a Discord bot channel as an EventListener to exfiltrate sensitive data from compromised hosts. This malware is distributed through ZIP archives that disguise themselves as cracked software. Threat Level - Amb...

"Activator" Alert: MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets

Cracked software have been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system information and cryptocurrency wallet data. Kaspersky, which identified the artifacts in the wild, said they are designed to target machines running macOS...

Cracked software beats gold: new macOS backdoor stealing cryptowallets

A month ago, we discovered some cracked apps circulating on pirating websites and infected with a Trojan proxy. The malicious actors repackaged pre-cracked applications as PKG files with an embedded Trojan proxy and a post-install script initiating the infection. We recently caught sight of a new...

JAVA-based Sophisticated Stealer Using Discord Bot as EventListener

JAVA-Based Sophisticated Stealer Using Discord Bot as EventListener By Gurumoorthi Ramanathan · January 18, 2024 Executive Summary: In mid-November 2023, Trellix Advanced Research Center team members observed a Java-based stealer being spread through cracked software zip files using JDABuilder...

Maliciously Crafted Cracked Software Propagates Lumma Stealer via YouTube

Summary: In an attempt to deceive users into downloading the information-stealing virus Lumma, threat actors are exploiting YouTube videos featuring content related to cracked software. These videos typically include content related to the use of cracked software, accompanied by identical...

Anonymous Arabic Hacktivist Group Orchestrating Silver RAT

Summary: Silver RAT, a Windows-based RAT written in C and developed by a group known as "Anonymous Arabic," exhibits advanced capabilities, including antivirus evasion and ransomware encryption. Despite facing bans, the threat actors dynamic activities persist, featuring the sharing of cracked...

Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer

Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma. "These YouTube videos typically feature content related to cracked applications, presenting users with similar...