11 matches found
Adversarial Co-Evolution of Malware and Detection Models: A Bilevel Optimization Perspective
Machine learning-based malware detectors are increasingly vulnerable to adversarial examples. Traditional defenses, such as one-shot adversarial training, often fail against adaptive attackers who use reinforcement learning to bypass detection. This paper proposes a robust defense framework based...
Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware
Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers. "Attackers achieve...
DCRat backdoor returns
Since the beginning of the year, we've been tracking in our telemetry a new wave of DCRat distribution, with paid access to the backdoor provided under the Malware-as-a-Service MaaS model. The cybercriminal group behind it also offers support for the malware and infrastructure setup for hosting t...
CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries
The Computer Emergency Response Team of Ukraine CERT-UA on Tuesday warned of renewed activity from an organized criminal group it tracks as UAC-0173 that involves infecting computers with a remote access trojan named DCRat aka DarkCrystal RAT. The Ukrainian cybersecurity authority said it observe...
Threat actor abuses Gophish to deliver new PowerRAT and DCRAT
Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor. The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim's intervention to trigger the infection chain...
New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users
Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat aka DarkCrystal RAT by means of a technique known as HTML smuggling. The development marks the first time the malware has been deployed using this method, a departure from previously...
SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign
The Computer Emergency Response Team of Ukraine CERT-UA has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync. The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020, whic...
Snip3 Crypter an Advanced RAT Loader Targeting Multiple Industries
Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary A multi-stage remote access trojan RAT loader called Snip3 crypter was recently discovered deploying RAT families, including QuasarRAT and DcRAT, to target victims...
Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers
As many as three disparate but related campaigns between March and Jun 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners onto compromised systems. "The actors use PowerShell, .NET assemblies, and HTA and VBS files to spread...
Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums
Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat aka DarkCrystal RAT that's offered on sale for "dirt cheap" prices, making it accessible to professional cybercriminal groups and novice actors alike. "Unlike the well-funded, massive Russian...
Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India
Cisco Talos recently discovered a threat actor using political and government-themed malicious domains to target entities in India and Afghanistan.These attacks use dcRAT and QuasarRAT for Windows delivered via malicious documents exploiting CVE-2017-11882 — a memory corruption vulnerability in...