Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware
TrendAI™ Research provides a technical analysis of a compromised EmEditor installer used to deliver multistage malware that performs a range of malicious actions...
ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers
The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer. ClearFake, first highlighted in July 2023, is the name given to a threat activity cluster that...
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
Our blog entry discusses a fake PoC exploit for LDAPNightmare CVE-2024-49113 that is being used to distribute information-stealing malware...
PT-2024-9433 · Microsoft · Windows Lightweight Directory Access Protocol +1
Name of the Vulnerable Software and Affected Versions: Windows Lightweight Directory Access Protocol (LDAP); affected versions not specified. Description: The issue is related to a denial-of-service vulnerability in Windows Lightweight Directory Access Protocol (LDAP). This vulnerability can cause the...
Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack
Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would...
Snowflake Warns: Targeted Credential Theft Campaign Hits Cloud Customers
Cloud computing and analytics company Snowflake said a "limited number" of its customers have been singled out as part of a targeted campaign. "We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake's platform," the company...
Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks
Google on Tuesday said it's piloting a new feature in Chrome called Device Bound Session Credentials (DBSC) to help protect users against session cookie theft by malware. The prototype – currently tested against "some" Google Account users running Chrome Beta – is built with an aim to make it an op...
SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities
The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat. Enterprise security firm SEQRITE describe...
RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware
In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method...
The Alarming Rise of Infostealers: How to Detect this Silent Threat
A new study conducted by Uptycs has uncovered a stark increase in the distribution of information-stealing (a.k.a. infostealer or stealer) malware. Incidents have more than doubled in Q1 2023, indicating an alarming trend that threatens global organizations. According to the new Uptycs whitepaper,...
New Info Stealer Bandit Stealer Targets Browsers, Wallets
This is an analysis of Bandit Stealer, a new Go-based information-stealing malware capable of evading detection as it targets multiple browsers and cryptocurrency wallets...
Alert: Brazilian Hackers Targeting Users of Over 30 Portuguese Banks
A Brazilian threat actor is targeting more than 30 Portuguese financial institutions with information-stealing malware as part of a long-running campaign that commenced in 2021. "The attackers can steal credentials and exfiltrate users' data and personal information, which can be leveraged for...
MAL-2023-6525 Malicious code in selfpyintpaypal (PyPI)
Source: checkmarx 13bec999a49bf9dee37e242115164d05756af19ea57d26d0b54b4c67c1f01571. EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-5975 Malicious code in selfcontrolloadload (PyPI)
Source: checkmarx 91681b7a493590b12a07e21ace57fdd2de85ae9dc23ca4f31d3b60c6a8ec1b9d. EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-5233 Malicious code in py-intellibint (PyPI)
Source: checkmarx c51243b24c705c8e86f895cf56a4aaf31db49b64674882dbef77513f1bc075dc. EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-2868 Malicious code in esqgameencodereplace (PyPI)
Source: checkmarx a52a247b3876e80074ffdc24a1731191f9a280dcccbba73c0090e5f2aeac4ac2. EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-4330 Malicious code in libpipultravirtual (PyPI)
Source: checkmarx 7fcc0ea3b75f3b40abcfb64156cfe1244cf729c1511a1e325ca450c73a7ee9f4. EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-2934 Malicious code in esqguiproofad (PyPI)
Source: checkmarx 2038f714e65a7ca4986eb7682c8618bbe9cef3aa2ae698dfb2a8321669c84b29. EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-6974 Malicious code in tpcraftcraftencode (PyPI)
Source: checkmarx d51287043143cc2b77dac9f3dac8fe7c54c6e797cee2425b1a581c4565357235. EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-6777 Malicious code in selfvisapaypalmine (PyPI)
Source: checkmarx 3a524c8256175ba1602631d62ca2c164baceef5887f1703949ab0176bb3b458d. EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...