11 matches found
Discord CDN Link Abused to Deliver RAT Disguised as OneDrive File
Hackers are installing multiple RMMs like Atera and Splashtop in a new malware attack. This article details the abuse of Discord CDN link andn fake OneDrive phishing campaign discovered by Sublime Security...
Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub
An "intricately designed" remote access trojan RAT called Xeno RAT has been made available on GitHub, making it easily accessible to other actors at no extra cost. Written in C and compatible with Windows 10 and Windows 11 operating systems, the open-source RAT comes with a "comprehensive set of...
New Rugmi Malware Loader Surges with Hundreds of Daily Detections
A new malware loader is being used by threat actors to deliver a wide range of information stealers such as Lumma Stealer aka LummaC2, Vidar, RecordBreaker aka Raccoon Stealer V2, and Rescoms. Cybersecurity firm ESET is tracking the trojan under the name Win/TrojanDownloader.Rugmi. "This malware ...
Discord, I Want to Play a Game
Discord, I Want to Play a Game By Ernesto Fernández Provecho and David Pastor Sanz Threatray · October 16, 2023 Discord is the first choice for gamers when they want to chat with some friends while playing an online computer game. Moreover, it is also a major choice for users that simply want to...
Beware: Lumma Stealer Distributed via Discord CDN
This blog discusses how threat actors abuse Discord’s content delivery network CDN to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware...
Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered
The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems. "The group is known for using a variety of sophisticated attack techniques, including custom malware, social...
Xenomorph Android Banking Trojan Returns with a New and More Powerful Variant
A new variant of the Android banking trojan named Xenomorph has surfaced in the wild, latest findings from ThreatFabric reveal. Named "Xenomorph 3rd generation" by the Hadoken Security Group, the threat actor behind the operation, the updated version comes with new features that allow it to perfo...
Malicious Package
Overview rbxtools is a malicious package. This is one of 12 malicious packages created by the same actor and discovered by Snyk. It downloads and executes malicious exe files containing malicious code that attempts to steal information from Google Chrome, tokens from Discord, and Injects a Discor...
Malicious Package
Overview testpipper is a malicious package. This is one of 12 malicious packages created by the same actor and discovered by Snyk. It downloads and executes malicious exe files containing malicious code that attempts to steal information from Google Chrome, tokens from Discord, and Injects a...
The Top 5 Russian Cyber Threat Actors to Watch
This post was updated on March 10, 2022 to include a section on the Conti Ransomware Group. As we continue to monitor the situation between Russia and Ukraine – and the potential for global cybersecurity impacts – we realize that our customers and other business and industry stakeholders may be...
Discord CDN and API Abuses Drive Wave of Malware Detections
Discord has a malware problem. And although the platform is predominantly used by gamers, it turns out even users who have never interacted with Discord are at risk. Discord creates servers or specific groups or communities of users who can send voice, text and other media messages between one...