Fake WinRAR downloads hide malware behind a real installer

A member of our web research team pointed me to a fake WinRAR installer that was linked from various Chinese websites. When these links start to show up, that’s usually a good indicator of a new campaign. So, I downloaded the file and started an analysis, which turned out to be something of a...

EUVD-2025-37546

Malicious code in dowloadebokbeforedawnvampirefallenbook1bymorganricefjwc4 npm...

webkitgtk: A download’s origin may be incorrectly associated

A flaw was found in WebKitGTK. A malicious website can cause the origin of a download to be incorrectly associated with the wrong site due to improper checks, allowing an attacker to trick a user into downloading a malicious file...

Malicious code in avail-able-albu-m-down-load-2014-21052-the-inevitable-end-box51-pznqrt (npm)

The package avail-able-albu-m-down-load-2014-21052-the-inevitable-end-box51-pznqrt was found to contain malicious code...

CVE-2023-28813

An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files...

Malicious Package

Overview Pathoschild.Stardew.Mod.Build.Config is a malicious package. This package contains malicious code that executes covert scripts upon installation or uninstallation, communicating with a remote server to download and execute additional malicious files, thereby deploying the SeroXen RAT on...

Malicious Package

Overview MinecraftPocket.Server is a malicious package. This package contains malicious code that executes covert scripts upon installation or uninstallation, communicating with a remote server to download and execute additional malicious files, thereby deploying the SeroXen RAT on the victim's...

Malware Families Turn to Legit Pastebin-Like Service

Cybercriminals are increasingly turning to a legitimate, Pastebin-like web service for downloading malware — such as AgentTesla and LimeRAT — in spear-phishing attacks. Pastebin, a code-hosting service that enables users to share plain text through public posts called “pastes,” currently has 17...

UBUNTU-CVE-2017-6590

An issue was discovered in network-manager-applet aka network-manager-gnome in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation...

Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness (971888)

This host has Microsoft DNS Devolution and is prone to Third-Level Domain Name Resolving Weakness. OpenVAS Vulnerability Test $Id: secpodmsdnsdevolutionresolvingweakness.nasl 5363 2017-02-20 13:07:22Z cfi $ Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness 971888 Authors...