323 matches found
Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks
An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group...
What is RAT Remote Access Trojan ❓ Detection and Removal
Introduction Humans live in the 21st century where a large portion of our exchanges are taken care of on the web. Thus, people, businesses and organizations are presented with new online protection dangers. A significant number of these digital dangers will break into your framework and challenge...
New Fileless Malware Uses Windows Registry as Storage to Evade Detection
A new JavaScript-based remote access Trojan RAT propagated via a social engineering campaign has been observed employing sneaky "fileless" techniques as part of its detection-evasion methods to elude discovery and analysis. Dubbed DarkWatchman by researchers from Prevailion's Adversarial...
Backdoor.Win32.VB.awm Authentication Bypass / Information Disclosure
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2271d942a23a89d7adea524d4ac3c13f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.VB.awm Vulnerability: Authentication Bypass - Information Leakage Description: The...
Solarmarker InfoStealer Malware Once Again Making its Way Into the Wild
Healthcare and education sectors are the frequent targets of a new surge in credential harvesting activity from what's a "highly modular" .NET-based information stealer and keylogger, charting the course for the threat actor's continued evolution while simultaneously remaining under the radar...
Threat Spotlight: Solarmarker
By Andrew Windsor, with contributions from Chris Neal. Executive summaryCisco Talos has observed new activity from Solarmarker, a highly modular .NET-based information stealer and keylogger.A previous staging module, "d.m," used with this malware has been replaced by a new module dubbed... This i...
MacOS Being Picked Apart by $49 XLoader Data Stealer
There’s a new version of the old FormBook form-stealer and keylogger that’s added Mac users to its hit list, and it’s selling like hotcakes on underground markets for as low as $49. It’s not only cheap; it’s easy. The data stealer is distributed in the form of malware-as-a-service MaaS and stands...
Redpill - Assist Reverse Tcp Shells In Post-Exploration Tasks
Project Description The redpill project aims to assist reverse tcp shells in post-exploration tasks. Often in redteam engagements we need to use unconventional ways to access target system, such as reverse tcp shells not metasploit in order to bypass the defenses implemented by the system...
Investigating a unique “form” of email delivery for IcedID malware
Microsoft threat analysts have been tracking activity where contact forms published on websites are abused to deliver malicious links to enterprises using emails with fake legal threats. The emails instruct recipients to click a link to review supposed evidence behind their allegations, but are...
BlackMamba - C2/post-exploitation Framework
BlackMamba is a multi client C2/post exploitation framework with some spyware features. Powered by Python 3.8.6 and QT Framework. Some of BlackMamba features are: Multi Client - Supports multiple client connections at the same time. Real Time Communication Updates - Real time communication and...
Agent Tesla Malware Spotted Using New Delivery & Evasion Techniques
Security researchers on Tuesday uncovered new delivery and evasion techniques adopted by Agent Tesla remote access trojan RAT to get around defense barriers and monitor its victims. Typically spread through social engineering lures, the Windows spyware not only now targets Microsoft's Antimalware...
Agent Tesla Malware Spotted Using New Delivery & Evasion Techniques
Security researchers on Tuesday uncovered new delivery and evasion techniques adopted by Agent Tesla remote access trojan RAT to get around defense barriers and monitor its victims. Typically spread through social engineering lures, the Windows spyware not only now targets Microsoft's Antimalware...
ElectroRat crypto-stealing malware hits MacOS, Windows, Linux devices
By Waqas The undetected ElectroRat malware is capable of stealing private keys to access victims’ wallets and also run keylogger on a targeted device. This is a post from HackRead.com Read the original post: ElectroRat crypto-stealing malware hits MacOS, Windows, Linux devices...
Agent Tesla Keylogger Gets Data Theft and Targeting Update
Six-year-old keylogger malware called Agent Tesla has been updated again, this time with expanded targeting and improved data exfiltration features. Agent Tesla first came into the scene in 2014, specializing in keylogging designed to record keystrokes made by a user in order to exfiltrate data...
paradoxiaRAT - Native Windows Remote Access Tool
Paradoxia Remote Access Tool. Features Paradoxia Console Feature | Description ---|--- Easy to use | Paradoxia is extremely easy to use, So far the easiest rat! Root Shell | - Automatic Client build | Build Paradoxia Client easily with or without the icon of your choice. Multithreaded |...
GovRAT 2.0 - FUD unknown RAT with special functions
This RAT was written by me and cannot be blocked. FUD tested with the strictest firewall policies. You are buying the source code + digital certificate to sign your files. I can also host the C&C for you for extra Functions: Access C&C with any browser. Compile C&C for Linux OR Windows. VALID...
Informatica: Improper Sanitization leads to XSS Fire on admin panel
Summary Because the HTML is not sanitized when taking the input on https://accounts.informatica.com/registration.html, the input is vulnerable to XSS. When a payload such as " is put into the form under company it triggers a blind xss. When the payload successfully is loaded, it dumps information...
CISA: LokiBot Stealer Storms Into a Resurgence
The U.S. Cybersecurity and Infrastructure Security Agency CISA is warning that the LokiBot info-stealing trojan is seeing a surge across the enterprise landscape. The uptick started in July, according to the agency, and activity has remained “persistent” ever since. LokiBot targets Windows and...
U.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligence
The U.S. government on Thursday imposed sweeping sanctions against an Iranian threat actor backed by the country's Ministry of Intelligence and Security MOIS for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors...
Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach
The FireEye Front Line Applied Research & Expertise FLARE Team attempts to always stay on top of the most current and emerging threats. As a member of the FLARE Reverse Engineer team, I recently received a request to analyze a fairly new credential stealer identified as MassLogger. Despite the la...