Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers. "Attackers achieve...

CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers

A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network CDN cache domains since at least February 2024. Cisco Talos has attributed the activity with moderate confidence to a threat actor...

Suspected CoralRaider continues to expand victimology using three information stealers

By Joey Chen, Chetan Raghuprasad and Alex Karkins. Cisco Talos discovered a new ongoing campaign since at least February 2024, operated by a threat actor distributing three famous infostealer malware, including Cryptbot, LummaC2 and Rhadamanthys. Talos also discovered a new PowerShell command-lin...

Google takes CryptBot to the wood shed

Google is in the midst of a legal campaign designed to take down the creators of a very persistent piece of malware called CryptBot. This malware, which Google claims compromised roughly 670k computers, set about infecting users of the Chrome browser. Unfortunately for the malware campaign...

Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers

Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called CryptBot and "decelerate" its growth. The tech giant's Mike Trinh and Pierre-Marc Bureau said the efforts are part of steps it takes to "not...

Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers

Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called CryptBot and "decelerate" its growth. The tech giant's Mike Trinh and Pierre-Marc Bureau said the efforts are part of steps it takes to "not...

Actors, Threats and Vulnerabilities 23 January 2023 – 29 January 2023

For a detailed threat digest, download the pdf file here Summary For a detailed threat digest, download the pdf file here Hive Pro discovered four actors that have been active in the past week. The first, APT40 and Tick, are well-known Chinese threat actors known for information theft and...

PseudoManuscrypt Malware Spreading the Same Way as CryptBot Targets Koreans

Numerous Windows machines located in South Korea have been targeted by a botnet tracked as PseudoManuscrypt since at least May 2021 by employing the same delivery tactics of another malware called CryptBot. "PseudoManuscrypt is disguised as an installer that is similar to a form of CryptBot, and ...

BHUNT password stealer targets crypto wallets through cracked software

By Deeba Ahmed BHUNT is being regarded as an evasive crypto wallet stealer, just like previously identified Redline Stealer and CryptBot.… This is a post from HackRead.com Read the original post: BHUNT password stealer targets crypto wallets through cracked software...

Malicious KMSPico Windows Activator Stealing Users' Cryptocurrency Wallets

Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. The malware, dubbed "CryptBot," is an information stealer capable of...