35 matches found
Omnistealer uses the blockchain to steal everything it can
A new infostealer dubbed Omnistealer is turning the blockchain into a permanent malware hosting platform, which is bad news for both companies and everyday users. It’s pretty common for malware to store its payload on a public platform, ideally one that adds some trustworthiness to the download...
OneClik: A ClickOnce-Based APT Campaign Targeting Energy, Oil and Gas Infrastructure
OneClik: A ClickOnce-Based APT Campaign Targeting Energy, Oil and Gas Infrastructure By Nico Paulo Yturriaga and Pham Duy Phuc · June 24, 2025 The Trellix Advanced Research Center has uncovered a sophisticated APT malware campaign that we’ve dubbed OneClik. It specifically targets the energy, oil...
New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems. "Hijack Loader released a new module that implements call stack spoofing to hide the origin of...
New ValleyRAT Malware Variant Spreading via Fake Chrome Downloads
Morphisec uncovers a new ValleyRAT malware variant with advanced evasion tactics, multi-stage infection chains, and novel delivery methods…...
New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics
Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics to evade detection. The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B. "Notably, Qilin.B now supports AES-256-CTR encryption f...
New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection
New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud measures, indicating that the malicious software is continuing to be actively developed despite law enforcement efforts to crack down on the operation. "Only part of this ga...
Mandrake spyware sneaks onto Google Play again, flying under the radar for two years
Introduction In May 2020, Bitdefender released a white paper containing a detailed analysis of Mandrake, a sophisticated Android cyber-espionage platform, which had been active in the wild for at least four years. In April 2024, we discovered a suspicious sample that appeared to be a new version ...
Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine
A new sophisticated cyber attack has been observed targeting endpoints geolocated to Ukraine with an aim to deploy Cobalt Strike and seize control of the compromised hosts. The attack chain, per Fortinet FortiGuard Labs, involves a Microsoft Excel file that carries an embedded VBA macro to initia...
Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years
A malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 were still compromised as of late 2023. The findings come from Slovak cybersecurity firm ESET, which characterized it as one of the most advanced server-side malware...
CrimsonEDR - Simulate The Behavior Of AV/EDR For Malware Development Training
CrimsonEDR is an open-source project engineered to identify specific malware patterns, offering a tool for honing skills in circumventing Endpoint Detection and Response EDR. By leveraging diverse detection methods, it empowers users to deepen their understanding of security evasion tactics...
North Koreans Secretly Animated Amazon and Max Shows, Researchers Say
Thousands of exposed files on a misconfigured North Korean server hint at one way the reclusive country may evade international sanctions...
Saints Turned Evil
Saints Turned Evil By Daksh Kapur and Rohan Shah · January 2, 2024 This blog was also written by Sushant Kumar Arya Attribution at the Bottom As technology advances, attackers are constantly developing new evasion mechanisms to bypass security products and stay one step ahead of security vendors...
Peeling off QR Code Phishing Onion
Peeling off QR Code Phishing Onion: Revealing the Hidden Layers of Deceit By Neel H. Pathak and Pratik Sunil Kadam · October 10, 2023 Introduction: Malicious actors always seek innovative ways to bypass detection. The Trellix Advanced Research Center recently noticed an attack campaign with an...
Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics
The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor in its attacks targeting government and legal sectors. Monti emerged in June 2022, weeks after the Conti ransomware group shut down its operations, deliberately imitatin...
Experts Uncover Year-Long Cyber Attack on IT Firm Utilizing Custom Malware RDStealer
A highly targeted cyber attack against an East Asian IT company involved the deployment of a custom malware written in Golang called RDStealer. "The operation was active for more than a year with the end goal of compromising credentials and data exfiltration," Bitdefender security researcher Vict...
Pikabot A Stealthy Backdoor with Ingenious Evasion Tactics
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Pikabot, a sophisticated backdoor evades analysis with anti-analysis measures like the "sleep" function, uses NtContinue API, employs language-based execution cessation, and shows connections to Qakbot...
SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics
The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features...
SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics
The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features...
Novel Malware Hijacks Facebook Business Accounts
A new malware is hijacking high-profile Meta Facebook Business and advertising platform accounts through a phishing campaign that targets LinkedIn accounts. The malware, dubbed Ducktail, uses browser cookies from authenticated user sessions to take over accounts and steal data, researchers said...
Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload
Both BLISTER and SocGholish are loaders known for their evasion tactics. Our report details what these loaders are capable of and our investigation into a campaign that uses both to deliver the LockBit ransomware...