ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers
The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer. ClearFake, first highlighted in July 2023, is the name given to a threat activity cluster that...
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
Our blog entry discusses a fake PoC exploit for LDAPNightmare CVE-2024-49113 that is being used to distribute information-stealing malware...
Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack
Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would...
Snowflake Warns: Targeted Credential Theft Campaign Hits Cloud Customers
Cloud computing and analytics company Snowflake said a "limited number" of its customers have been singled out as part of a targeted campaign. "We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake's platform," the company...
SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities
The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat. Enterprise security firm SEQRITE describe...
RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware
In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to their victims via the same delivery method...
New Info Stealer Bandit Stealer Targets Browsers, Wallets
This is an analysis of Bandit Stealer, a new Go-based information-stealing malware capable of evading detection as it targets multiple browsers and cryptocurrency wallets...
MAL-2023-6525 Malicious code in selfpyintpaypal (PyPI)
Source: checkmarx 13bec999a49bf9dee37e242115164d05756af19ea57d26d0b54b4c67c1f01571. EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-5975 Malicious code in selfcontrolloadload (PyPI)
Source: checkmarx 91681b7a493590b12a07e21ace57fdd2de85ae9dc23ca4f31d3b60c6a8ec1b9d. EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-2868 Malicious code in esqgameencodereplace (PyPI)
Source: checkmarx a52a247b3876e80074ffdc24a1731191f9a280dcccbba73c0090e5f2aeac4ac2. EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-4330 Malicious code in libpipultravirtual (PyPI)
Source: checkmarx 7fcc0ea3b75f3b40abcfb64156cfe1244cf729c1511a1e325ca450c73a7ee9f4. EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-6974 Malicious code in tpcraftcraftencode (PyPI)
Source: checkmarx d51287043143cc2b77dac9f3dac8fe7c54c6e797cee2425b1a581c4565357235. EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-6777 Malicious code in selfvisapaypalmine (PyPI)
Source: checkmarx 3a524c8256175ba1602631d62ca2c164baceef5887f1703949ab0176bb3b458d. EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-6320 Malicious code in selfmccontrolstudy (PyPI)
Source: checkmarx d03dd732353d8a4b704ceabee4dac2c38a0adcb3b1f0dd06041b97a2199dd0fe. EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-2770 Malicious code in esqccstringmask (PyPI)
Source: checkmarx ad3667ef6b7620604468e627b774f2339b75086dc8eb705cbaaa95acd784e178. EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-4035 Malicious code in libguigrandmc (PyPI)
Source: checkmarx 6aecdbe6b089ffe59ba97add73503b78ab4c6dc432a5b733ed03687c146effbf. EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-4427 Malicious code in libpywvisavirtual (PyPI)
Source: checkmarx 540ea90e3d87a637e7a3ec6f877f08c2472ca40792a0205b75ebfebb605168ea. EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-3251 Malicious code in esqproofpostvisa (PyPI)
Source: checkmarx 4f7f8a15aa43961603fb970769bb15b81c183b16ddeac174aba7543a71e826a4. EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-5702 Malicious code in py-toolvmintel (PyPI)
Source: checkmarx 2ccac77210f7a5f6eb7a2b5cde9438746cb1cb075e08e331a9fd47811447ce0c. EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-2895 Malicious code in esqgetlibpyw (PyPI)
Source: checkmarx 67186a3694ab2d755a3b406239cd713d96ade3d92d6d45ec1e9d41506af1f3bf. EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...