26 matches found

Snyk
added 4 days ago, 1 views

Malicious Package

Overview @car-loans/applicaion-aff is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
The Hacker News
added 2026/04/01 10:58 a.m., 2 views

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)

For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries, and legitimate...

6.1 AI score
Exploits: 0
HackRead
added 2026/03/18 12:23 p.m., 2 views

New .NET AOT Malware Hides Code as a Black Box to Evade Detection

Researchers at Howler Cell have discovered a new .NET AOT malware campaign that uses a clever scoring system…...

5.8 AI score
Exploits: 0
Cvelist
added 2025/04/11 1:45 a.m., 21 views

CVE-2025-0121 Cortex XDR Agent: Local Windows User Can Crash the Agent

A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it...

6.8 CVSS, 0.00162 EPSS
Exploits: 0, References: 1
The Hacker News
added 2025/02/18 3:9 p.m., 30 views

Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks

The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems. This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector...

7.9 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2024/05/27 9:19 a.m., 13 views

Turla’s Tiny Backdoor Exploits MSBuild to Evade Detection

...

7.3 AI score
Exploits: 0
The Hacker News
added 2024/05/24 4:30 p.m., 34 views

Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack

The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the threat actor creating rogue virtual machines (VMs) within its VMware environment. "The adversary created...

9.1 CVSS, 10 AI score, 0.94412 EPSS
Exploits: 23
HackRead
added 2024/03/25 1:0 p.m., 15 views

New GEOBOX Tool Hijacks Raspberry Pi, Lets Hackers Fake Location

By Deeba Ahmed. New Dark Web Tool GEOBOX, sold for $700 on Telegram and underground forums, hijacks Raspberry Pi, allowing cybercriminals to fake locations and evade detection.

7.3 AI score
Exploits: 0
The Hacker News
added 2024/03/05 10:53 a.m., 22 views

Cybercriminals Using Novel DNS Hijacking Technique for Investment Scams

A new DNS threat actor dubbed Savvy Seahorse is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds. "Savvy Seahorse is a DNS threat actor who convinces victims to create accounts on fake investment platforms, make deposits to a personal account, a...

6.9 AI score
Exploits: 0
The Hacker News
added 2023/11/07 12:28 p.m., 48 views

New GootLoader Malware Variant Evades Detection and Spreads Rapidly

A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection. "The GootLoader group's introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using...

6.7 AI score
Exploits: 0
OSV
added 2023/09/12 1:36 p.m., 19 views

MAL-2023-8358 Malicious code in aws-consoler2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b37bd86b6f9bda9d03029c9d2fa09561b2b43cda7c3fddda1389c8e193c4a938 Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

7.3 AI score
Exploits: 0, References: 2
OSV
added 2023/09/11 6:9 a.m., 17 views

MAL-2023-8351 Malicious code in aliababcloud-tea-openapi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 644686188e6f43d2dc595074d7644cba060e6a91b8de18713f4b551a76a6c3b7 Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

7.3 AI score
Exploits: 0, References: 2
OSV
added 2023/08/16 11:0 a.m., 7 views

MAL-2023-8367 Malicious code in python-aliyun-sdk-rds (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 56906386c88b620607253fc1d00a6d5d205c6a535a2ba12fc63108f09761300b Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

7.3 AI score
Exploits: 0, References: 2
The Hacker News
added 2022/06/14 8:54 a.m., 22 views

New Syslogk Linux Rootkit Lets Attackers Remotely Command It Using "Magic Packets"

A new covert Linux kernel rootkit named Syslogk has been spotted under development in the wild and cloaking a malicious payload that can be remotely commandeered by an adversary using a magic network traffic packet. "The Syslogk rootkit is heavily based on Adore-Ng but incorporates new...

Exploits: 0
OSV
added 2021/12/27 2:15 p.m., 1 views

CVE-2021-45335

Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files...

8.8 CVSS, 5.8 AI score
Exploits: 0, References: 2
The Hacker News
added 2021/09/17 11:2 a.m., 25 views

New Malware Targets Windows Subsystem for Linux to Evade Detection

A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The "distinct tradecraft"...

0.4 AI score
Exploits: 0
The Hacker News
added 2019/01/21 3:37 p.m., 170 views

New malware found using Google Drive as its command-and-control server

Since most security tools also keep an eye on the network traffic to detect malicious IP addresses, attackers are increasingly adopting infrastructure of legitimate services in their attacks to hide their malicious activities. Cybersecurity researchers have now spotted a new malware attack campai...

7.4 AI score
Exploits: 0
The Hacker News
added 2017/03/01 2:6 a.m., 16 views

Dridex Banking Trojan Gains ‘AtomBombing’ Code Injection Ability to Evade Detection

Security researchers have discovered a new variant of Dridex – one of the most nefarious banking Trojans actively targeting financial sector – with a new, sophisticated code injection technique and evasive capabilities called "AtomBombing." On Tuesday, Magal Baz, security researcher at Trusteer I...

7.3 AI score
Exploits: 0
ThreatPost
added 2016/09/22 9:0 a.m., 11 views

Malware Evades Detection with Novel Technique

Researchers have found a new strain of document-based macro malware that evades discovery by lying dormant when it detects a security researcher’s test environment. The malware, according to researcher Caleb Fenton with security firm SentinelOne, evades detection simply by counting the number of...

0.1 AI score
Exploits: 0, References: 3
Check Point Advisories
added 2016/02/17 12:0 a.m., 0 views

JavaScript Malicious Escape Obfuscation Technique

Known exploits could potentially bypass security products by using JavaScript obfuscation techniques. Obfuscated exploits might not be detected by IDS and IPS systems, thus allowing attackers to successfully attack the target web client...

3.5 AI score
Exploits: 0