193 matches found
Fake Purchase Order Emails Spread Fileless PureLogs Malware via RAR Archives
Hackers are using fake purchase order emails and process hollowing to deploy fileless PureLogs malware to steal Windows users' browser, crypto, and Discord data...
Fake Anthropic Sites Deliver Fileless Infostealer to Claude Code Users
Fake Anthropic websites are being used to target Claude Code users with a fileless infostealer campaign that steals browser credentials and evades detection...
Trojanized Gemini and Claude Installers Target Developers Via SEO Poisoning
Cybercriminals are using SEO poisoning and fake Gemini and Claude installer sites to infect developers with fileless malware and steal data...
Microsoft’s Retired IE Tool MSHTA Now Being Used in Fileless Malware Attacks
Despite Internet Explorer’s retirement, hackers are abusing the legacy MSHTA utility in stealthy fileless malware attacks targeting Windows users...
Vidar Infostealer Spreads via Fake CAPTCHAs, Hides in JPEG and TXT Files
New version of Vidar infostealer spreads via fake CAPTCHAs, hides in JPEG and TXT files, uses fileless attacks and steals browser, crypto wallet data...
Active HanGhost Loader Campaign Targets Enterprise Payment and Logistics Workflows
Active HanGhost Loader campaign targets enterprise payment and logistics workflows with fileless attacks, multi-stage execution, and stealthy malware delivery...
Copyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries
We look into a stealthy multi‑stage attack campaign that delivers PureLog Stealer entirely in memory using encrypted, fileless techniques...
Fileless Multi-Stage Remcos RAT: From Phishing to Memory-Resident Execution
Fileless Multi-Stage Remcos RAT: From Phishing to Memory-Resident Execution By Madhini Muralidharan · March 11, 2026 Traditional malware campaigns rely heavily on dropping executable files to disk—artifacts that defenders can scan, quarantine, and analyze with signature-based security tools. Mode...
Linux RC4 Encrypted Payload Generator
This evasion module packs Linux payloads using RC4 encryption and executes them from memory using memfdcreate for fileless execution. Linux kernel version support: 3.17+ Module Options msf use evasion/linux/x64/rc4packer msf evasionrc4packer show actions ...actions... msf evasionrc4packer set...
Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan RATs payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOIDGEIST by...
Linux RC4 Packer with In-Memory Execution (x86)
This evasion module packs Linux payloads using RC4 encryption and executes them from memory using memfdcreate for fileless execution. The evasion module works on systems with Linux Kernel 3.17+ due to memfdcreate support. Features: - RC4 encryption with configurable key size - Fileless execution...
Linux RC4 Packer with In-Memory Execution
This evasion module packs Linux payloads using RC4 encryption and executes them from memory using memfdcreate for fileless execution. Linux kernel version support: 3.17+ Module Options msf use evasion/linux/aarch64/rc4packer msf evasionrc4packer show actions ...actions... msf evasionrc4packer set...
Detecting PowerShell-Based Fileless Cryptojacking Attacks Using Machine Learning
With the emergence of remote code execution RCE vulnerabilities in ubiquitous libraries and advanced social engineering techniques, threat actors have started conducting widespread fileless cryptojacking attacks. These attacks have become effective with stealthy techniques based on PowerShell-bas...
WMI Event Subscription Logon Timer Persistence
This module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that will trigger the payload after the system has a certain uptime. Payloads will trigger every minute until the set end time. Additionally a custom command can be specified to run...
WMI Event Subscription Interval Persistence
This module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that triggers the payload after the specified CALLBACKINTERVAL. If the persistence is not installed, it will keep triggering payloads to spawn. Additionally a custom command can be...
WMI Event Subscription Process Persistence
This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that triggers the payload when the specified process is started. Additionally a custom command can be specified to run once the trigger is activated using the advanced opti...
WMI Event Subscription Interval Persistence
This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that triggers the payload after the specified CALLBACKINTERVAL. If the persistence is not installed, it will keep triggering payloads to spawn. Additionally a custom comman...
WMI Event Subscription Event Log Persistence
This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that will query the event log for an EVENTIDTRIGGER default: failed logon request id 4625 that also contains a specified USERNAMETRIGGER note: failed logon auditing must be...
Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators
Security teams are still catching malware. The problem is what they're not catching. More attacks today don't arrive as files. They don't drop binaries. They don't trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access,...
Torrent for DiCaprio’s “One Battle After Another” Movie Drops Agent Tesla
Bitdefender researchers warn that the torrent for Leonardo DiCaprio’s One Battle After Another is a trap deploying Agent Tesla malware. Learn how the fileless LOTL attack targets unsuspecting Windows users...